#softwaresecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #softwaresecurity, aggregated by home.social.
-
Microsoft Unveils AI-Powered Red Teaming Tools to Bolster Software Security
Microsoft is shifting the conversation around AI safety from philosophical debates to hands-on action, empowering developers to build more secure software with innovative tools. With the launch of Rampart, a cutting-edge red-teaming tool, the company is putting AI-powered security into practice, helping developers…
#AipoweredSecurity #RedTeaming #SoftwareSecurity #Microsoft #GenerativeAi
-
Measuring AI Security Effectiveness Proves Elusive
Measuring AI security effectiveness is a complex challenge that can't be reduced to a single score or benchmark. Relying on benchmarks alone simply doesn't work when it comes to safeguarding AI systems.
#AiSecurity #ArtificialIntelligence #Benchmarking #SecurityEffectiveness #SoftwareSecurity
-
AI-assisted code does not move the outage, the audit, or the liability to the model vendor. It moves authorship faster than it moves responsibility.
I wrote about the verification gap, provenance, EU liability pressure, and why enterprise Java teams sit in an awkward middle. https://www.the-main-thread.com/p/ai-code-liability #AIAssistedDevelopment #SoftwareSecurity #Java
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
Pi's control layer is now the question. A May 9 research packet documents 2,369 catalog entries, provider routing, and package-trust issues that matter beyond personal use. Who owns the harness? What can change the agent? Teams considering deployment need answers before trust it.
#AIagents #softwaresecurity #opendev
https://www.implicator.ai/pi-the-coding-agent-behind-the-harness-engineering-hype-explained/
-
Pi's control layer is now the question. A May 9 research packet documents 2,369 catalog entries, provider routing, and package-trust issues that matter beyond personal use. Who owns the harness? What can change the agent? Teams considering deployment need answers before trust it.
#AIagents #softwaresecurity #opendev
https://www.implicator.ai/pi-the-coding-agent-behind-the-harness-engineering-hype-explained/
-
Die Cyberagentur hat die Ausschreibung für 3S veröffentlicht. Gesucht werden Ansätze, die Softwaresicherheit nachvollziehbar, messbar und vergleichbar machen. Statt bloßer Siegel braucht es belastbare Bewertungen für den digitalen Alltag.
Bewerbungen bis 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung -
Die Cyberagentur hat die Ausschreibung für 3S veröffentlicht. Gesucht werden Ansätze, die Softwaresicherheit nachvollziehbar, messbar und vergleichbar machen. Statt bloßer Siegel braucht es belastbare Bewertungen für den digitalen Alltag.
Bewerbungen bis 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung -
Die Cyberagentur hat die Ausschreibung für 3S veröffentlicht. Gesucht werden Ansätze, die Softwaresicherheit nachvollziehbar, messbar und vergleichbar machen. Statt bloßer Siegel braucht es belastbare Bewertungen für den digitalen Alltag.
Bewerbungen bis 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung -
Die Cyberagentur hat die Ausschreibung für 3S veröffentlicht. Gesucht werden Ansätze, die Softwaresicherheit nachvollziehbar, messbar und vergleichbar machen. Statt bloßer Siegel braucht es belastbare Bewertungen für den digitalen Alltag.
Bewerbungen bis 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung -
Die Cyberagentur hat die Ausschreibung für 3S veröffentlicht. Gesucht werden Ansätze, die Softwaresicherheit nachvollziehbar, messbar und vergleichbar machen. Statt bloßer Siegel braucht es belastbare Bewertungen für den digitalen Alltag.
Bewerbungen bis 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/no-more-blind-trust-in-software -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/no-more-blind-trust-in-software -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/no-more-blind-trust-in-software -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/no-more-blind-trust-in-software -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen -
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen -
Security Tip: Your security is only as strong as your deepest dependency. 🛡️
While auditing direct libraries is standard, transitive dependencies (libraries your dependencies rely on) are often overlooked. Regularly generate dependency trees to visualize these hidden layers and identify vulnerable sub-components.
Stay ahead of emerging threats at https://cvedatabase.com
-
Security Tip: Your security is only as strong as your deepest dependency. 🛡️
While auditing direct libraries is standard, transitive dependencies (libraries your dependencies rely on) are often overlooked. Regularly generate dependency trees to visualize these hidden layers and identify vulnerable sub-components.
Stay ahead of emerging threats at https://cvedatabase.com
-
SAP unter Beschuss: Lieferkettenangriff auf npm-Pakete! Gestern, am 29. April 2026, traf ein gezielter Supply-Chain-Angriff – intern "Mini Shai-Hulud" genannt – die SAP-Entwicklungslandschaft. Angreifer schleusten bösartige Versionen dieser Pakete ein, mutmaßlich über einen kompromittierten Entwickleraccount. Dieser Vorfall zeigt einmal mehr: Software-Lieferketten sind kritische Angriffsflächen. #Cybersecurity #SupplyChain #SAP #npm #SoftwareSecurity #Cybercrime
-
SAP unter Beschuss: Lieferkettenangriff auf npm-Pakete! Gestern, am 29. April 2026, traf ein gezielter Supply-Chain-Angriff – intern "Mini Shai-Hulud" genannt – die SAP-Entwicklungslandschaft. Angreifer schleusten bösartige Versionen dieser Pakete ein, mutmaßlich über einen kompromittierten Entwickleraccount. Dieser Vorfall zeigt einmal mehr: Software-Lieferketten sind kritische Angriffsflächen. #Cybersecurity #SupplyChain #SAP #npm #SoftwareSecurity #Cybercrime
-
Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships. -
Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships. -
KI-Modell findet 271 Sicherheitslücken in Firefox 150 – Mozilla sieht Zeitenwende für Softwaresicherheit
Seit Februar arbeitet das Firefox-Sicherheitsteam mit KI-Modellen von Anthropic zusammen, um latente Schwachstellen im Browsercode aufzudecken.
#firefox #anthropic #mozilla #softwaresicherheit #softwaresecurity
-
The EU’s Cyber Resilience Act (CRA) is a “GDPR moment” for #SoftwareSecurity.
In this #InfoQ #podcast, Viktor Peterson explores how the CRA is reshaping expectations for software producers & supply chain compliance.
Key highlights:
✅ Why SBOMs are operational assets
✅ The danger of "weaponized code" in your security tools
✅ The shift toward vendor-neutral discovery🎧 Listen now: https://bit.ly/429icwC
📄 #transcript included
-
The EU’s Cyber Resilience Act (CRA) is a “GDPR moment” for #SoftwareSecurity.
In this #InfoQ #podcast, Viktor Peterson explores how the CRA is reshaping expectations for software producers & supply chain compliance.
Key highlights:
✅ Why SBOMs are operational assets
✅ The danger of "weaponized code" in your security tools
✅ The shift toward vendor-neutral discovery🎧 Listen now: https://bit.ly/429icwC
📄 #transcript included
-
The EU’s Cyber Resilience Act (CRA) is a “GDPR moment” for #SoftwareSecurity.
In this #InfoQ #podcast, Viktor Peterson explores how the CRA is reshaping expectations for software producers & supply chain compliance.
Key highlights:
✅ Why SBOMs are operational assets
✅ The danger of "weaponized code" in your security tools
✅ The shift toward vendor-neutral discovery🎧 Listen now: https://bit.ly/429icwC
📄 #transcript included
-
The EU’s Cyber Resilience Act (CRA) is a “GDPR moment” for #SoftwareSecurity.
In this #InfoQ #podcast, Viktor Peterson explores how the CRA is reshaping expectations for software producers & supply chain compliance.
Key highlights:
✅ Why SBOMs are operational assets
✅ The danger of "weaponized code" in your security tools
✅ The shift toward vendor-neutral discovery🎧 Listen now: https://bit.ly/429icwC
📄 #transcript included
-
The EU’s Cyber Resilience Act (CRA) is a “GDPR moment” for #SoftwareSecurity.
In this #InfoQ #podcast, Viktor Peterson explores how the CRA is reshaping expectations for software producers & supply chain compliance.
Key highlights:
✅ Why SBOMs are operational assets
✅ The danger of "weaponized code" in your security tools
✅ The shift toward vendor-neutral discovery🎧 Listen now: https://bit.ly/429icwC
📄 #transcript included
-
AI Bolsters Software Security with Enhanced SAST Accuracy
Can artificial intelligence revolutionize software security by supercharging SAST accuracy and making testing a breeze for developers? By harnessing the power of AI, organizations can potentially transform the way they identify and fix vulnerabilities, without slowing down their software builders.
#ArtificialIntelligence #Sast #SoftwareSecurity #DeveloperTools #VulnerabilityManagement
-
AI that codes can also break systems 🔓 — so Anthropic launched Project Glasswing to find vulnerabilities before hackers do. With partners like NVIDIA, Apple, and Google, their AI model has already flagged thousands of serious bugs in major browsers and operating systems. Read the article to learn how this defensive approach could reshape software security ⚡
#ProjectGlasswing #Anthropic #Cybersecurity #AI #SoftwareSecurity
-
AI that codes can also break systems 🔓 — so Anthropic launched Project Glasswing to find vulnerabilities before hackers do. With partners like NVIDIA, Apple, and Google, their AI model has already flagged thousands of serious bugs in major browsers and operating systems. Read the article to learn how this defensive approach could reshape software security ⚡
#ProjectGlasswing #Anthropic #Cybersecurity #AI #SoftwareSecurity
-
AI that codes can also break systems 🔓 — so Anthropic launched Project Glasswing to find vulnerabilities before hackers do. With partners like NVIDIA, Apple, and Google, their AI model has already flagged thousands of serious bugs in major browsers and operating systems. Read the article to learn how this defensive approach could reshape software security ⚡
#ProjectGlasswing #Anthropic #Cybersecurity #AI #SoftwareSecurity
-
AI that codes can also break systems 🔓 — so Anthropic launched Project Glasswing to find vulnerabilities before hackers do. With partners like NVIDIA, Apple, and Google, their AI model has already flagged thousands of serious bugs in major browsers and operating systems. Read the article to learn how this defensive approach could reshape software security ⚡
#ProjectGlasswing #Anthropic #Cybersecurity #AI #SoftwareSecurity
-
AI that codes can also break systems 🔓 — so Anthropic launched Project Glasswing to find vulnerabilities before hackers do. With partners like NVIDIA, Apple, and Google, their AI model has already flagged thousands of serious bugs in major browsers and operating systems. Read the article to learn how this defensive approach could reshape software security ⚡
#ProjectGlasswing #Anthropic #Cybersecurity #AI #SoftwareSecurity
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
I’ve been thinking a lot about where AI coding tools stop being “helpful” and start becoming part of the runtime risk model.
This piece is about that line.
For Java teams, the real issue is not bad generated code. It’s excessive agency: shell access, secrets, MCP tools, and autonomous actions without enough containment.
https://www.the-main-thread.com/p/ai-coding-agents-security-java-blast-radius
#Java #Quarkus #DevSecOps #AICoding #SoftwareSecurity #EnterpriseJava
-
🚨 Alert: Tech Titans Unite! 🚨 Apparently, the world's biggest tech companies have banded together in a grand quest to "secure critical software," because apparently #AI is now a #superhero coder and we're all doomed without this committee of corporate overlords. 🤖💼 Oh, please, as if adding more buzzwords will magically make our software safe and sound. 🛡️✨
https://www.anthropic.com/glasswing #TechTitans #Unite #Coders #SoftwareSecurity #CorporateOverlords #BuzzwordOverload #HackerNews #ngated -
🚨 Alert: Tech Titans Unite! 🚨 Apparently, the world's biggest tech companies have banded together in a grand quest to "secure critical software," because apparently #AI is now a #superhero coder and we're all doomed without this committee of corporate overlords. 🤖💼 Oh, please, as if adding more buzzwords will magically make our software safe and sound. 🛡️✨
https://www.anthropic.com/glasswing #TechTitans #Unite #Coders #SoftwareSecurity #CorporateOverlords #BuzzwordOverload #HackerNews #ngated -
🚨 Alert: Tech Titans Unite! 🚨 Apparently, the world's biggest tech companies have banded together in a grand quest to "secure critical software," because apparently #AI is now a #superhero coder and we're all doomed without this committee of corporate overlords. 🤖💼 Oh, please, as if adding more buzzwords will magically make our software safe and sound. 🛡️✨
https://www.anthropic.com/glasswing #TechTitans #Unite #Coders #SoftwareSecurity #CorporateOverlords #BuzzwordOverload #HackerNews #ngated