Critical OpenSSH vulnerability threatens millions of Linux systems

A severe vulnerability in OpenSSH's server (sshd) has been uncovered by Qualys’ Threat Research Unit (TRU), potentially affecting over 14 million Linux systems worldwide. The flaw, designated as CVE-2024-6387, allows for remote unauthenticated code execution (RCE) with root privileges on glibc-based Linux systems.

This vulnerability, stemming from a signal handler race condition, impacts sshd in its default configuration. Qualys researchers have identified approximately 700,000...

1 July 2024 | Developer

GitLab’s DevSecOps report highlights AI challenges

GitLab's 8th annual Global DevSecOps Report has unveiled a complex landscape of software development, highlighting disparities between executive perceptions and developer realities. The survey, conducted in April 2024, gathered insights from over 5,300 professionals across the software development spectrum.

While 69% of CxOs report shipping software at least twice as fast as last year, AI adoption remains low, with only 26% of respondents implementing AI in their workflows. This...

28 June 2024 | Approaches

Cisco: Developers spend majority of time firefighting

A new survey from Cisco reveals that software developers are spending more than 57% of their time in "war room" meetings to resolve application performance issues, rather than focusing on building new software to drive innovation. 

The findings highlight the immense pressure facing developers today. Globally, 85% of those surveyed report increased demands to accelerate software release velocity, while 77% cite mounting pressure to deliver seamless and secure digital...

8 May 2024 | Approaches

Puppet explores the benefits of platform engineering for security

An increasing number of organisations have built platform teams to help improve the developer experience – and the latest State of DevOps Report from Puppet has looked to show how platform engineering is improving security as well.

The 13th annual State of DevOps Report – which is also being called the State of Platform Engineering Report by Puppet – polled approximately 500 respondents, drawn primarily from IT practitioners and leaders who work either as part of or...

28 March 2024 | Developer

Leveraging PKI-Based Digital Certificates as Strategic Assets, Rather than Management Burdens

The procurement and management of digital certificates often constitutes a time-consuming manual process for IT and security teams. Trying to track the status and existence of all certificates with accuracy and timeliness can be an overwhelming task and burden. In order to fully realize the security value offered by certificates and their core technology, businesses can partner with trusted entities that can simplify and maximize the process.

Transforming digital certificates into...

8 January 2024 | Development Tools

Efficiency vs Control – The Pros and Cons of Automating Digital Certificates

Organizations always seek methods to increase security, improve efficiency, and relieve over-burdened IT resources. With escalating cyber threats and a new year, businesses will benefit from reviewing their digital infrastructure and certificate management practices for potential enhancements to bolster security, time management, and cost efficiencies. 

In preparation, it’s an excellent time to consider the pros and cons of digital certificate automation. Evaluating...

14 December 2023 | Developer

David DeSanto, GitLab: AI’s impact on software development in 2024

David DeSanto, Chief Product Officer at GitLab, foresees a paradigm shift in the realm of software development in 2024—with AI taking centre stage.

GitLab's 2023 Global DevSecOps Report serves as the foundation for these predictions, offering a glimpse into the future landscape of organisations' software development toolchains.

AI bias: A hurdle on the path to progress

In the short term, the accelerated integration of AI tools may present a formidable challenge: an...

7 December 2023 | Approaches

AI coding assistants: A double-edged sword for DevOps in 2024

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse.

According to Forrester's 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.

Forrester predicts that the combination of inconsistent compliance and...

10 November 2023 | API

Stack Overflow reveals UK’s top 10 best-paid developer roles

Stack Overflow has unveiled the UK's top 10 best-paid developer positions, shedding light on the lucrative avenues within the industry.

Leading the pack are developers in senior executive roles, enjoying an average salary of £128,200 ($155,173). Notably, these professionals experienced a significant 30 percent increase in their salaries between 2022 and 2023, reflecting the industry's robust growth. 

Following closely are engineering managers, earning an average of...

9 October 2023 | Artificial Intelligence

Sauce Labs exposes some developers’ risky habits

A survey by Sauce Labs of 500 US-based developers has put the spotlight on some concerning practices.

One alarming discovery was the tendency of developers to push code to production without adequate testing. 67 percent of respondents admitted to this practice, jeopardising software quality, user experience, and system stability.

Additionally, 68 percent confessed to merging their own pull requests without review—raising concerns about potential security...

3 October 2023 | Artificial Intelligence