AppSec
Related Articles from SNS
Devs know AI code is riddled with holes, but ship it anyway
Research by AppSec biz Checkmarx finds that 70 percent of developers believe AI-generated code has more vulnerabilities, and 30 percent knowingly ship vulnerable code into production. The report is based on responses from 2,350 global developers, CISOs, and AppSec managers, and follows similar annual surveys since 2023. The number of respondents is 54 percent higher this year than last, and the increased sample size may account for a somewhat surprising statistic: the reported proportion of...
Show HN: DepsGuard – one command to harden NPM/pnpm/yarn/bun/uv configs
I kept seeing every npm/pnpm/yarn/bun/uv supply chain post end with the same advice (set a minimum release age, turn off install scripts), and while I know cooldowns are "controversial", they do work. But even if you convince people that they should set cooldowns, it seems many don't end up following through, not sure why, maybe because it means hand-editing five config files in five formats with five different time units, or perhaps the "it won't happen to me" syndrome (or "I'll do it...