develop.secure.software | Practical knowledge for dev and release teams

Secure Software Blogwatch

DevOps: Fix your dangerous redirects! Amex shows how

Richi Jennings

DevOps teams are still ignoring the danger of open redirector pages.

Secure Software Blogwatch

Post-quantum algo ‘SIKE’ dead: Did math geeks find key-encap back door?

Richi Jennings

Here’s more on NIST’s search for post-quantum cryptography: This week, is it in trouble?

Secure Software Blogwatch

Carbon aims to fix C++ memory safety (and other big flaws)

Richi Jennings

C++ sucks: It’s unsafe, unergonomic, has far too much legacy cruft and suffers from gatekeepers who won’t move with the...

Secure Software Blogwatch

AI ethics for DevOps: Diversity and ‘Kill All Humans’

Richi Jennings

AI has a big ethics problem—and it’s down to Dev and Ops to fix it.

Secure Software Blogwatch

Devs: Prep for PQC — post-quantum cryptography

Richi Jennings

Experts say we need new key-exchange and signature algorithms, to resist attacks from quantum computing. Orgs have had...

Secure Software Blogwatch

Devs: Don’t do DIY cryptography — Police CyberAlarm shows why

Richi Jennings

It’s a truism often repeated: Don’t roll your own cryptography! The Police CyberAlarm service deftly shows why.

Secure Software Blogwatch

Copilot's rocky takeoff: GitHub ‘steals code’

Richi Jennings

Should you use GitHub Copilot? “No,” say open-source fans. “Heck no,” say lawyers. “Yeah,” say the sort of devs who do...

Secure Software Blogwatch

Rejoice, devs and all! Privacy Pass standard nukes CAPTCHAs

Richi Jennings

Apple is to support the new Privacy Pass standard, to “attest” that its users aren’t robots. Google is expected to be...

Software Supply Chain Security

Software supply chain alert: ‘7 million’ cleartext access tokens in Travis CI logs

Richi Jennings

Travis CI cleartext logs are trivially easy to access—all 770 million of them. And researchers have found lots of...

Secure Software Blogwatch

How to make C++ memory-safe? Chrome targets UAF bugs with garbage collection

Richi Jennings

The solution to use-after-free bugs is to *not* free memory. Google’s Chrome team is the latest group to jump on the...

Secure Software Blogwatch

DevOps: Fix your dangerous redirects! Amex shows how

Richi Jennings

DevOps teams are still ignoring the danger of open redirector pages.

Secure Software Blogwatch

Post-quantum algo ‘SIKE’ dead: Did math geeks find key-encap back door?

Richi Jennings

Here’s more on NIST’s search for post-quantum cryptography: This week, is it in trouble?

Secure Software Blogwatch

Carbon aims to fix C++ memory safety (and other big flaws)

Richi Jennings

C++ sucks: It’s unsafe, unergonomic, has far too much legacy cruft and suffers from gatekeepers who won’t move with the...

Secure Software Blogwatch

AI ethics for DevOps: Diversity and ‘Kill All Humans’

Richi Jennings

AI has a big ethics problem—and it’s down to Dev and Ops to fix it.

Secure Software Blogwatch

Devs: Prep for PQC — post-quantum cryptography

Richi Jennings

Experts say we need new key-exchange and signature algorithms, to resist attacks from quantum computing. Orgs have had...

Secure Software Blogwatch

Devs: Don’t do DIY cryptography — Police CyberAlarm shows why

Richi Jennings

It’s a truism often repeated: Don’t roll your own cryptography! The Police CyberAlarm service deftly shows why.

Secure Software Blogwatch

Copilot's rocky takeoff: GitHub ‘steals code’

Richi Jennings

Should you use GitHub Copilot? “No,” say open-source fans. “Heck no,” say lawyers. “Yeah,” say the sort of devs who do...

Secure Software Blogwatch

Rejoice, devs and all! Privacy Pass standard nukes CAPTCHAs

Richi Jennings

Apple is to support the new Privacy Pass standard, to “attest” that its users aren’t robots. Google is expected to be...

Software Supply Chain Security

Software supply chain alert: ‘7 million’ cleartext access tokens in Travis CI logs

Richi Jennings

Travis CI cleartext logs are trivially easy to access—all 770 million of them. And researchers have found lots of...

Secure Software Blogwatch

How to make C++ memory-safe? Chrome targets UAF bugs with garbage collection

Richi Jennings

The solution to use-after-free bugs is to *not* free memory. Google’s Chrome team is the latest group to jump on the...