Chief Scientist Emeritus Fabian Yamaguchi and foundational Code Property Graph technology recognized with IEEE Test of Time Award
GitHub Copilot, the AI-powered coding assistant, has emerged as a game-changer in the software development landscape. By harnessing the power of generative AI, Copilot promises to accelerate coding tasks, boost developer productivity, and even democratize coding by making it more accessible to newcomers. However, as with any transformative technology, there are caveats. In Copilot’s case, […]
READ MOREShortcomings of static program analysis in practice Creating programs that analyze other programs is a fascinating idea in itself. It hurts me to say that static code analysis has a remarkably bad reputation among practitioners. If you have performed security assessments and used these tools, you may agree that pinpointing the concrete shortcomings of these […]
According to the 1980’s cartoon G.I. Joe, “knowing is half the battle.” Unfortunately, threat actors often have more information than their targets, which is why they’re so successful. For developers and AppSec teams, having information about threat actor tactics, techniques, and procedures (TTPs) helps even the digital battlefield. Threat intelligence feeds provide data about malicious […]
The National Cybersecurity Strategy Implementation Plan plays a vital role in safeguarding the digital infrastructure of the nation. This comprehensive plan, outlined by the White House, is comprised of three pillars and sets forth a roadmap to enhance cybersecurity measures across various sectors. Pillar Three of the implementation plan focuses on the need for developers […]
Software engineers’ ideal state includes being able to work with minimal disruption. This “flow state” is when they are most productive and have the best chance of delivering the products and features they are tasked with producing within the required timeline. Whenever something adversely impacts their flow state productivity, mental health, and overall effectiveness may […]
Our customers have repeatedly communicated a desire to deliver secure software without compromising software delivery timelines. At the same time, they have frequently reported that traditional software composition analysis (SCA) tools create an overwhelming number of open-source vulnerability tickets. To quantify the problem, we ran an experiment with a cross-section of our customers. An analysis […]
There has been rapid digital transformation in the healthcare industry in recent years. While this has brought numerous benefits, it has also opened up new avenues for cyber threats and vulnerabilities. One such example is the Medtronic cardiac device security vulnerability, which has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory […]
Artificial intelligence (AI) and machine learning (ML) have been in our daily lives for years. Simple examples of their pervasiveness include financial fraud detection, product search optimization, and ad targeting. In cybersecurity, we’ve been applying machine learning to endpoint detection for at least a decade. Other examples include k-means clustering in spam detection and intrusion […]
In the ever-evolving world of cybersecurity, staying informed about the latest threats and trends is crucial. To cater to the growing need for expert insights, we are thrilled to announce the launch of the new Hacking Exposed podcast. Hosted by renowned cybersecurity expert Stuart McClure, this podcast promises to be a treasure trove of knowledge […]
MoveIT Transfer, a widely-used file transfer software, recently suffered a severe vulnerability, triggering a wave of ransomware attacks by criminal groups such as cl0p. The implications of this vulnerability and the subsequent attacks have raised alarm bells across the cybersecurity community. To effectively combat these threats, it is crucial to emphasize the importance of automating […]