80% of Spring framework downloads are exploitable versions

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions.

Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE publication.

Spring4Shell allows unauthenticated remote code execution. This week, the US...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.

Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

However, attention is now shifting to the Spring4Shell exploit.

Spring4Shell is a zero-day remote code execution (RCE)...

These programming languages were most in-demand in 2021

Coding Dojo has released its annual review of the programming language skills most sought after from employers.

For its research, Coding Dojo scours jobs listing site Indeed. The company looks at what languages appear most in job descriptions and compares their prevalence with previous years to identify trends that could give you an advantage.

Python retained its lead in 2021 as the language which cropped up in the most (~70,500) job descriptions. Rounding out the top...

2022 Java Developer Productivity Report: Teams aren’t realising the promise of microservices

The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.

Developers are often finding that microservices and CI/CD are decreasing their productivity rather than improving it.

Among CI/CD users, 42 percent of respondents report build completion times of over five minutes. The most common (33%) response was build times exceeding 10 minutes.

The highest...

State of Software Security v12: Don’t become complacent, but we’ve come a long way

Veracode’s latest State of Software Security report highlights that applications are, on average, more secure than ever.

Getting the negatives out the way first, the report warns about the devastating “domino effect” that one vulnerability can have on software across the globe.

One clear example of this in action was the SolarWinds attack in which hackers inserted malicious code into the company’s Orion software. Every company and organisation using Orion was...

SlashData: JavaScript and Python boast largest developer communities

A new report from SlashData highlights the huge growth in the global developer community over the past six months.

The developer economy research specialists estimate there are now 24.3 million global developers, as of Q1 2021. This has increased by around 14 percent from 21.3 million in October 2020.

JavaScript continues to attract new developers with around 1.4 million more than six months ago. The language also has, by some distance, the largest developer community at...

Microsoft announces its own LTS build of OpenJDK

Microsoft has announced the preview of its own build of OpenJDK, a free and open-source implementation of the Java SE platform.

The Microsoft Build of OpenJDK is a long-term support (LTS) distribution that includes binaries for Java 11, based on OpenJDK 11.0.10+9, on x64 server and desktop environments on macOS, Linux, and Windows.

In a blog post, Microsoft wrote:

“Microsoft deploys over 500,000 Java Virtual Machines (JVMs) internally – excluding all Azure...

TIOBE Index: Python slithers ahead of Java for the first time

The latest edition of the TIOBE Index has been released and highlights Python’s continued growth in popularity.

Here are the top 10 most popular languages according to TIOBE’s November 2020 index:

The most notable change in the top 10 is the exchange of places between Java and Python.

Python was created by Guido van Rossum and first released in 1991. The language has gained popularity in recent years due to its reputation of being relatively simple to...

Python holds its ground as Java slides in Redmonk’s language rankings

Programming language Python has had a good week, but the same can't be said for Java.

In language rankings released this month by IEEE, Python ranked number one with a comfortable lead ahead of Java. It's similar news in Redmonk's rankings this week.

Redmonk's biannual rankings measure GitHub pull requests and Stack Overflow queries over a period of six months to get an idea of the popularity of various programming languages.

JavaScript remains in top place...

GitHub warns Java developers about malware infecting NetBeans projects

GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.

The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”

GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before...