🚨 Attention software developers! Tanya Janca’s new FREE course, Incident Response for Software Developers, is here! Learn what incident responders need you to know during a security incident. Enroll now and learn at your own pace! 💻 https://lnkd.in/gci2djAf #IncidentResponse #SecurityTraining #cybereducation
Semgrep’s Post
More Relevant Posts
-
Tip of the Day for Wednesday, October 16
Use Secure Coding Practices
Ensure in-house or outsourced software development teams follow secure coding guidelines such as OWASP Top 10. Regularly conduct code reviews and static analysis scans to identify vulnerabilities—train developers on security best practices, such as input validation and proper error handling. Educate non-technical staff on the importance of secure software development.
#SecureCoding #OWASPTop10 #CodeReviews #StaticAnalysis #SecurityTraining #SoftwareDevelopment
-
Codacy Report Explores Challenges and Trends of Maintaining Software Quality in 2024 — PRBuzz.co — Codacy, a provider of #code #quality coverage, and #security #analysis #solutions #published #results from a #survey of more than #400 #software #development #professionals highlighting some of the #greatest #challenges #teams are facing #today in ensuring software quality. LISBON, #Portugal May #24 #2024 Codacy, a provider of code quality, coverage, and security analysis solutions, published results from a survey of more than 400 software development professionals, highlighting some of the greatest challenges teams are facing today in ensuring software quality. While there wasn't a single #standout #challenge the four most #common #issues #developers #face in their efforts to ship high-quality code are a lack of time
-
Are you wondering how your organization can achieve a secure Software Development Life Cycle (SDLC)? Watch the latest episode of #VeritasLIVE to learn best practices for early security integration from Veritas Field CISO Joye Purser. Details: https://vrt.as/44o7VNk
Veritas L!VE: Integrating Security into the Heart of Software Development
-
"The earlier in the development process you can identify and fix vulnerabilities, the cheaper it is," states Karl Krukow, Senior Director of Software Engineering at GitHub, during GOTO Copenhagen 2023.

Recently, the #GOTO Conference released Karl Krukow's presentation, "GitHub Advanced Security: Helping Developers Secure the World’s Software." I highly recommend this insightful presentation to all software engineers and MedTech leaders in my network. It provides invaluable information on integrating security into CI/CD pipelines to minimize potential risks and remediation costs.

In his presentation, Karl Krukow identifies three critical sources that can impact application security:
- The code you're writing (which is constantly expanding);
- Your code dependencies (including the often unknown dependencies of those dependencies);
- Your application secrets (which may be exposed in your project and are not secure even in private repositories—watch the video for more details).

To address these challenges, GitHub Advanced Security offers a suite of tools designed to enhance the security of code at the earliest stages of development. By integrating security into your CI/CD pipeline and combining it with end-to-end testing, automatic documentation, and automated release/deployment, you can:
- Demonstrate to auditors that your company maintains a high standard of quality and security for every new development, essential for ISO 27001 and ISO 13485 certifications.
- Enhance the security of your code without additional resources.
- Enable your developers to deliver code to production faster and more securely, thanks to automated checks and actions.

Achieving this level of maturity requires an upfront investment. However, once these automations are implemented, your team’s operational efficiency, as well as your solution’s quality, stability, and security, will significantly improve. If you're ready to invest in these resources but unsure where to start, send me a PM.
Watch the presentation here: https://lnkd.in/g-PuMgyT #security #quality #efficiency #softwareengineering #automation #medtech #iso
GitHub Advanced Security: Helping Developers Secure the World’s Software • Karl Krukow • GOTO 2023
-
Codacy Report Explores Challenges and Trends of Maintaining Software Quality in 2024 — MediaContacts.co — Codacy, a provider of #code #quality coverage, and #security #analysis #solutions #published #results from a #survey of more than #400 #software #development #professionals highlighting some of the #greatest #challenges #teams are facing #today in ensuring software quality. LISBON, #Portugal May #24 #2024 Codacy, a provider of code quality, coverage, and security analysis solutions, published results from a survey of more than 400 software development professionals, highlighting some of the greatest challenges teams are facing today in ensuring software quality. While there wasn't a single #standout #challenge the four most #common #issues #developers #face in their efforts to ship high-quality code are a lack of time
-
When you're busy building and releasing, security can be an afterthought. Start here with an intro to secure software development lifecycle.
-
Elevate your software development practices by implementing signed commits to ensure code integrity. Protect your intellectual property and strengthen your GitHub security with our latest insights on best practices. #CodeIntegrity #GitHubSecurity #SignedCommits https://bit.ly/4dTEBlF
-
This was my result from the Digital Skills self-assessment test. I want to focus on Software Development, Security and Data. You can test your skills here: https://lnkd.in/dZHStr2N #nocodeinstitute
-
Software Engineers, learn to be absolutely patient, and by that I mean wholeheartedly. Code mistakes do not always result in a compile error. Not everything is built for you; hence, to the extent of your deadline and capability, read. One example would be the code that I uploaded in the picture. For instance, I want to build a file reader to go back once, go in workspace, go in server, and go in com.jinhiro.test directory. Look at the difference between the buggy path and the actual path: The triple dot is a mistaken syntax that isn't recognizable as a syntactic sugar for a directory, while the double dot is a world-wide recognizable syntactic sugar to go back for one directory, especially in Linux-based operating systems. This, hence, does not cause an error, but you would be trying your hardest to find one single mistake, which is literally, a dot, which could take per se three hours or even more.
-
.NET BackEnd Developer | Certified AWS Developer | ASP.NET | C# | Docker | Kubernetes | DevOps Enthusiast | Technical Lead | Infrastructure as Code
Excellent news 👏 Next week (the whole week), Stefan Đokić will share content about APIs. Don't lose this opportunity to refresh, or maybe gain new knowledge about APIs.
Are you ready for a week full of API content? For the whole of next week, I will be posting only... posts about APIs. I will include some Best Practices, Security issues, interesting tools, and .NET-specific stuff. There are several reasons for this. API content is the type of content you like the most on my profile. APIs are the most useful part of software development today. And I'm inspired by the fact that I'll be attending the biggest Postman conference POST/CON in San Francisco! 🔔 Follow Stefan Đokić and tap the bell to get daily updates on my posts. What would you like me to write about? P.S. The conference I will attend: https://lnkd.in/dCJbn-79