#securesoftware — Public Fediverse posts on home.social

SoftwareMill @[email protected] · 2025-12-22 · 12:51 UTC

We tried “vibe coding” a web app with AI, then checked it against OWASP Top 10 2025.

Even a clean-looking MVP quickly picked up real security issues: SSRF, XSS, insecure defaults, missing logging.
Iterating with AI helped, but didn’t solve everything. See the results of the experiment:
https://softwaremill.com/vibe-coding-against-owasp-top-10-2025/

#OWASP #VibeCoding #AppSec #AIEngineering #SecureSoftware

#owasp #vibecoding #appsec #aiengineering #securesoftware

SoftwareMill @[email protected] · 2025-12-22 · 12:51 UTC

We tried “vibe coding” a web app with AI, then checked it against OWASP Top 10 2025.

Even a clean-looking MVP quickly picked up real security issues: SSRF, XSS, insecure defaults, missing logging.
Iterating with AI helped, but didn’t solve everything. See the results of the experiment:
https://softwaremill.com/vibe-coding-against-owasp-top-10-2025/

#OWASP #VibeCoding #AppSec #AIEngineering #SecureSoftware

#owasp #vibecoding #appsec #aiengineering #securesoftware

SoftwareMill @[email protected] · 2025-12-22 · 12:51 UTC

We tried “vibe coding” a web app with AI, then checked it against OWASP Top 10 2025.

Even a clean-looking MVP quickly picked up real security issues: SSRF, XSS, insecure defaults, missing logging.
Iterating with AI helped, but didn’t solve everything. See the results of the experiment:
https://softwaremill.com/vibe-coding-against-owasp-top-10-2025/

#OWASP #VibeCoding #AppSec #AIEngineering #SecureSoftware

#owasp #vibecoding #appsec #aiengineering #securesoftware

SoftwareMill @[email protected] · 2025-12-22 · 12:51 UTC

We tried “vibe coding” a web app with AI, then checked it against OWASP Top 10 2025.

Even a clean-looking MVP quickly picked up real security issues: SSRF, XSS, insecure defaults, missing logging.
Iterating with AI helped, but didn’t solve everything. See the results of the experiment:
https://softwaremill.com/vibe-coding-against-owasp-top-10-2025/

#OWASP #VibeCoding #AppSec #AIEngineering #SecureSoftware

#securesoftware #aiengineering #appsec #vibecoding #owasp

SoftwareMill @[email protected] · 2025-12-22 · 12:51 UTC

We tried “vibe coding” a web app with AI, then checked it against OWASP Top 10 2025.

Even a clean-looking MVP quickly picked up real security issues: SSRF, XSS, insecure defaults, missing logging.
Iterating with AI helped, but didn’t solve everything. See the results of the experiment:
https://softwaremill.com/vibe-coding-against-owasp-top-10-2025/

#OWASP #VibeCoding #AppSec #AIEngineering #SecureSoftware

#owasp #vibecoding #appsec #aiengineering #securesoftware

ActiveState @[email protected] · 2025-11-19 · 17:01 UTC

The EU Cyber Resilience Act (CRA) is about to fundamentally change how software teams build and ship products in the EU.

We break down how teams can prepare without slowing innovation.

Link to the full guide: https://www.activestate.com/blog/eu-cyber-resilience-act-and-secure-open-source-and-containers/

#EUCRA #DevSecOps #OpenSourceSecurity #SecureSoftware #ContainerSecurity

#containersecurity #securesoftware #opensourcesecurity #devsecops #eucra

ActiveState @[email protected] · 2025-11-19 · 17:01 UTC

The EU Cyber Resilience Act (CRA) is about to fundamentally change how software teams build and ship products in the EU.

We break down how teams can prepare without slowing innovation.

Link to the full guide: https://www.activestate.com/blog/eu-cyber-resilience-act-and-secure-open-source-and-containers/

#EUCRA #DevSecOps #OpenSourceSecurity #SecureSoftware #ContainerSecurity

#eucra #devsecops #opensourcesecurity #securesoftware #containersecurity

LMG Security @[email protected] · 2025-07-08 · 13:57 UTC

Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

In June 2025, a quiet executive order from the White House eliminated several key cybersecurity requirements for federal systems. In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down what’s changing and why it matters for your organization.

We'll share:
▪ Which cybersecurity rules were rolled back (and which ones remain)
▪ What the removal of secure software attestations means for vendors
▪ Why post-quantum encryption and the FTC Cyber Trust Mark still matter
▪ How this moment echoes past compliance gaps like PCI
▪ What security leaders should prioritize right now

▶ Watch the video: https://youtu.be/GIWBHKwydMA
🎧 Listen to the podcast: https://www.chatcyberside.com/e/executive-order-shockwave-the-future-of-cybersecurity-unveiled/

#FederalCybersecurity #CyberExecutiveOrder #CybersecurityPolicy #ExecutiveOrder #CISOs #CyberCompliance #SupplyChainSecurity #ZeroTrust #PostQuantum #LMGSecurity #Cybersecurity #CyberRisk #SecureSoftware #CybersideChats #RiskManagement

#federalcybersecurity #cyberexecutiveorder #cybersecuritypolicy #executiveorder #cisos #cybercompliance

LMG Security @[email protected] · 2025-07-08 · 13:57 UTC

Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

In June 2025, a quiet executive order from the White House eliminated several key cybersecurity requirements for federal systems. In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down what’s changing and why it matters for your organization.

We'll share:
▪ Which cybersecurity rules were rolled back (and which ones remain)
▪ What the removal of secure software attestations means for vendors
▪ Why post-quantum encryption and the FTC Cyber Trust Mark still matter
▪ How this moment echoes past compliance gaps like PCI
▪ What security leaders should prioritize right now

▶ Watch the video: https://youtu.be/GIWBHKwydMA
🎧 Listen to the podcast: https://www.chatcyberside.com/e/executive-order-shockwave-the-future-of-cybersecurity-unveiled/

#FederalCybersecurity #CyberExecutiveOrder #CybersecurityPolicy #ExecutiveOrder #CISOs #CyberCompliance #SupplyChainSecurity #ZeroTrust #PostQuantum #LMGSecurity #Cybersecurity #CyberRisk #SecureSoftware #CybersideChats #RiskManagement

#riskmanagement #cybersidechats #securesoftware #cyberrisk #cybersecurity #lmgsecurity

LMG Security @[email protected] · 2025-07-08 · 13:57 UTC

Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

In June 2025, a quiet executive order from the White House eliminated several key cybersecurity requirements for federal systems. In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down what’s changing and why it matters for your organization.

We'll share:
▪ Which cybersecurity rules were rolled back (and which ones remain)
▪ What the removal of secure software attestations means for vendors
▪ Why post-quantum encryption and the FTC Cyber Trust Mark still matter
▪ How this moment echoes past compliance gaps like PCI
▪ What security leaders should prioritize right now

▶ Watch the video: https://youtu.be/GIWBHKwydMA
🎧 Listen to the podcast: https://www.chatcyberside.com/e/executive-order-shockwave-the-future-of-cybersecurity-unveiled/

#FederalCybersecurity #CyberExecutiveOrder #CybersecurityPolicy #ExecutiveOrder #CISOs #CyberCompliance #SupplyChainSecurity #ZeroTrust #PostQuantum #LMGSecurity #Cybersecurity #CyberRisk #SecureSoftware #CybersideChats #RiskManagement

#federalcybersecurity #cyberexecutiveorder #cybersecuritypolicy #executiveorder #cisos #cybercompliance

Neuronus Computing @[email protected] · 2025-06-02 · 15:00 UTC

Ensure your product's quality with our comprehensive software testing services—manual 📝, automated 🤖, and more.

From unit 🔍 to security 🔒 and Google Webmaster 🌐 testing, we make sure your program is bug-free, secure, and ready for smooth operations.

Trust Neuronus for reliable, top-notch testing solutions.
Contact us to be part of our creative journey!👉

https://v2.neuronus.net/contact/

#SoftwareTesting #AutomatedTesting #TopNotchTesting #SecureSoftware #TestingServices #Neuronus

#softwaretesting #automatedtesting #topnotchtesting #securesoftware #testingservices #neuronus

Neuronus Computing @[email protected] · 2025-06-02 · 15:00 UTC

Ensure your product's quality with our comprehensive software testing services—manual 📝, automated 🤖, and more.

From unit 🔍 to security 🔒 and Google Webmaster 🌐 testing, we make sure your program is bug-free, secure, and ready for smooth operations.

Trust Neuronus for reliable, top-notch testing solutions.
Contact us to be part of our creative journey!👉

https://v2.neuronus.net/contact/

#SoftwareTesting #AutomatedTesting #TopNotchTesting #SecureSoftware #TestingServices #Neuronus

#softwaretesting #automatedtesting #topnotchtesting #securesoftware #testingservices #neuronus

ActiveState @[email protected] · 2025-03-29 · 17:17 UTC

Want to level up your security game in 2025? 🔐

We’ve curated the Top 5 DevSecOps Events you can’t miss this year! These events are perfect for developers, security pros, and DevOps teams looking to stay ahead of open source security trends and strengthen their software supply chains.

Discover where to learn, connect, and innovate: https://www.activestate.com/blog/level-up-your-security-game-top-5-devsecops-events-to-attend-in-2025/

#DevSecOps #CyberSecurity #OpenSource #SecureSoftware

#securesoftware #opensource #cybersecurity #devsecops

ActiveState @[email protected] · 2025-03-29 · 17:17 UTC

Want to level up your security game in 2025? 🔐

We’ve curated the Top 5 DevSecOps Events you can’t miss this year! These events are perfect for developers, security pros, and DevOps teams looking to stay ahead of open source security trends and strengthen their software supply chains.

Discover where to learn, connect, and innovate: https://www.activestate.com/blog/level-up-your-security-game-top-5-devsecops-events-to-attend-in-2025/

#DevSecOps #CyberSecurity #OpenSource #SecureSoftware

#devsecops #cybersecurity #opensource #securesoftware

ActiveState @[email protected] · 2025-03-14 · 22:01 UTC

Broken access control is a critical vulnerability enterprises can’t afford to ignore. 🚨

In our latest blog, we dive into:
🔐 Real-world examples of broken access control
🛡️ The risks it poses to your organization
🔒 Best practices to mitigate vulnerabilities

Secure your software supply chain and protect your business. Read the blog today: https://www.activestate.com/blog/the-risks-of-broken-access-control-explained-vulnerabilities-examples-best-practices/

#CyberSecurity #DevSecOps #OpenSource #SecureSoftware

#securesoftware #opensource #devsecops #cybersecurity

ActiveState @[email protected] · 2025-03-14 · 22:01 UTC

Broken access control is a critical vulnerability enterprises can’t afford to ignore. 🚨

In our latest blog, we dive into:
🔐 Real-world examples of broken access control
🛡️ The risks it poses to your organization
🔒 Best practices to mitigate vulnerabilities

Secure your software supply chain and protect your business. Read the blog today: https://www.activestate.com/blog/the-risks-of-broken-access-control-explained-vulnerabilities-examples-best-practices/

#CyberSecurity #DevSecOps #OpenSource #SecureSoftware

#cybersecurity #devsecops #opensource #securesoftware

American Team @[email protected] · 2024-12-02 · 14:52 UTC

The Importance of Data Security in Business Software
Data security is crucial in our increasingly digital environment. Leading companies implement strong security measures in their software to safeguard sensitive information and build trust. How does your company approach data security?

#DataSecurity #SecureData #BusinessSafety #SecureSoftware

#datasecurity #securedata #businesssafety #securesoftware

jpmellojr @[email protected] · 2024-11-13 · 23:40 UTC

To avoid the next CrowdStrike fiasco, CISA recommends embracing safe deployment practices earlier in the SDLC. #CISA #SecureSoftware #SecureDeployment #SupplyChainSecurity
https://jpmellojr.blogspot.com/2024/11/cisas-secure-software-deployment-push.html

#supplychainsecurity #securedeployment #securesoftware #cisa

OpenSSF @[email protected] · 2024-09-20 · 17:00 UTC

💻 Empower your software development with OpenSSF's free "Developing Secure Software" and check out the newly added labs for practice countering attacks! ‍💻

🎥 Watch the demo: https://youtu.be/lGC2H6LYLXY?feature=shared

📚 Enroll here: https://hubs.la/Q02N_RB80

#SecureSoftware

#securesoftware

OpenSSF @[email protected] · 2024-09-20 · 17:00 UTC

💻 Empower your software development with OpenSSF's free "Developing Secure Software" and check out the newly added labs for practice countering attacks! ‍💻

🎥 Watch the demo: https://youtu.be/lGC2H6LYLXY?feature=shared

📚 Enroll here: https://hubs.la/Q02N_RB80

#SecureSoftware

#securesoftware

OpenSSF @[email protected] · 2024-09-20 · 17:00 UTC

💻 Empower your software development with OpenSSF's free "Developing Secure Software" and check out the newly added labs for practice countering attacks! ‍💻

🎥 Watch the demo: https://youtu.be/lGC2H6LYLXY?feature=shared

📚 Enroll here: https://hubs.la/Q02N_RB80

#SecureSoftware

#securesoftware

OpenSSF @[email protected] · 2024-09-20 · 17:00 UTC

💻 Empower your software development with OpenSSF's free "Developing Secure Software" and check out the newly added labs for practice countering attacks! ‍💻

🎥 Watch the demo: https://youtu.be/lGC2H6LYLXY?feature=shared

📚 Enroll here: https://hubs.la/Q02N_RB80

#SecureSoftware

#securesoftware

OpenSSF @[email protected] · 2024-09-20 · 17:00 UTC

💻 Empower your software development with OpenSSF's free "Developing Secure Software" and check out the newly added labs for practice countering attacks! ‍💻

🎥 Watch the demo: https://youtu.be/lGC2H6LYLXY?feature=shared

📚 Enroll here: https://hubs.la/Q02N_RB80

#SecureSoftware

#securesoftware