Google releases Flutter 3.7 and teases future improvements

Google held its Flutter Forward event this week where it announced version 3.7 of the framework and teased future improvements.

Flutter started life as a framework for developing Android and iOS apps. Over the years, it’s expanded to help developers build apps for not just mobile, but also desktop, web, and more, all from a single Dart codebase.

Google says Flutter has attracted five million developers and over 700,000 apps have been created using it. Based on GitHub...

Snowflake Native Application Framework aims to help developers build and monetise apps

Piles of Euro notes.

Snowflake, the Data Cloud company has launched a Native Application Framework to empower developers to build, monetise and deploy applications.

Currently in private preview, developers can build applications and monetise them on Snowflake Marketplace, and consumers can securely install and run those applications, directly in their Snowflake instances, reducing the need for data to be moved. Snowflake is committed to providing its customers and partners with the best platform for...

80% of Spring framework downloads are exploitable versions

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions.

Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE publication.

Spring4Shell allows unauthenticated remote code execution. This week, the US...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.

Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

However, attention is now shifting to the Spring4Shell exploit.

Spring4Shell is a zero-day remote code execution (RCE)...

2022 Java Developer Productivity Report: Teams aren’t realising the promise of microservices

The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.

Developers are often finding that microservices and CI/CD are decreasing their productivity rather than improving. 

Among CI/CD users, 42 percent of respondents report build completion times of over five minutes. The most common (33%) response was build times exceeding 10 minutes.

The highest...

Omniverse Code helps developers to build 3D design and simulation tools

Nvidia has announced Omniverse Code, a new app to make it easier for developers to build advanced tools for 3D design and simulation.

The app includes the Omniverse Kit SDK runtime along with foundational tools, templates, and documentation. Developers won’t have to build from scratch with hundreds of Omniverse Extensions available to edit, modify, or integrate into their own extensions or applications.

Interactive documentation helps users to experience features like...

2021 Stack Overflow Survey: React.js takes the web framework crown, Python is in-demand, and devs still love Rust

The 2021 edition of Stack Overflow’s developer survey features both substantial changes in the landscape while other elements have remained stubbornly resilient.

In a blog post, Stack Overflow’s Ben Popper and David Gibson wrote:

“This year’s survey was a little different than ones in years past. We opened our 2020 survey in February, and by the time we got around to publishing the results, the reality of work and daily life had shifted dramatically for people...

Google’s latest framework aims to prevent SolarWinds-like supply chain attacks

Google has unveiled a new framework called Supply chain Levels for Software Artifacts, or SLSA (pronounced "salsa").

The intention of SLSA is to help prevent the growing number of devastating supply chain attacks in recent years—such as the SolarWinds and CodeCov hacks.

Google describes SLSA as "an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain."

The company says that SLSA is inspired by its own...

Progress releases NativeScript 6.0 framework to speed up cross-platform development

Progress Software has released the latest version of its NativeScript framework, helping to speed up cross-platform development. NativeScript enables up to 70 percent of code from a web app to be reused for developing native software for mobile. The latest version of the framework adds: Support for Angular 8 and Vue.js, in addition to TypeScript and JavaScript. Support for the new Ivy rendering engine. Support for the new Android X library, enabling the use of the latest features of...

Microsoft open sources its Infer.NET machine learning framework

Microsoft appears to be in a benevolent mood after deciding to make its cross-platform machine learning framework open source. The company’s Infer.NET framework is used for model-based machine learning. It was first born at Microsoft Research in Cambridge, UK in 2004 and later released for academic use in 2008. Hundreds of papers have since been published using the framework across a variety of fields, everything from information retrieval to healthcare. In 2012, Infer.NET won a Patents for...