GitLab update addresses pipeline execution vulnerability

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users.

The company strongly recommends all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE).

The most critical vulnerability (CVE-2024-6385) affects GitLab versions 15.8 to 17.1.1. With a CVSS...

Critical OpenSSH vulnerability threatens millions of Linux systems

A severe vulnerability in OpenSSH's server (sshd) has been uncovered by Qualys’ Threat Research Unit (TRU), potentially affecting over 14 million Linux systems worldwide. The flaw, designated as CVE-2024-6387, allows for remote unauthenticated code execution (RCE) with root privileges on glibc-based Linux systems.

This vulnerability, stemming from a signal handler race condition, impacts sshd in its default configuration. Qualys researchers have identified approximately 700,000...

GitLab’s DevSecOps report highlights AI challenges

GitLab's 8th annual Global DevSecOps Report has unveiled a complex landscape of software development, highlighting disparities between executive perceptions and developer realities. The survey, conducted in April 2024, gathered insights from over 5,300 professionals across the software development spectrum.

While 69% of CxOs report shipping software at least twice as fast as last year, AI adoption remains low, with only 26% of respondents implementing AI in their workflows. This...

Cisco: Developers spend majority of time firefighting

A new survey from Cisco reveals that software developers are spending more than 57% of their time in "war room" meetings to resolve application performance issues, rather than focusing on building new software to drive innovation.

The findings highlight the immense pressure facing developers today. Globally, 85% of those surveyed report increased demands to accelerate software release velocity, while 77% cite mounting pressure to deliver seamless and secure digital...

Puppet explores the benefits of platform engineering for security

An increasing number of organisations have built platform teams to help improve the developer experience – and the latest State of DevOps Report from Puppet sets out to show how platform engineering is improving security as well.

The 13th annual State of DevOps Report – which is also being called the State of Platform Engineering Report by Puppet – polled approximately 500 respondents, drawn primarily from IT practitioners and leaders who work either as part of or...

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

Stack Overflow reveals UK’s top 10 best-paid developer roles

Stack Overflow has unveiled the UK's top 10 best-paid developer positions, shedding light on the lucrative avenues within the industry.

Leading the pack are developers in senior executive roles, enjoying an average salary of £128,200 ($155,173). Notably, these professionals experienced a significant 30 percent increase in their salaries between 2022 and 2023, reflecting the industry's robust growth.

Following closely are engineering managers, earning an average of...

Sonatype reveals DevOps and SecOps leaders’ views on generative AI

While the tech community remains divided on the potential of generative AI tools, there's a consensus that their impact on the industry is comparable to the adoption of cloud technology.

Software engineers are harnessing generative AI to explore libraries, create new code, and enhance their development process, while application security professionals employ it for code analysis and security testing.

A recent survey conducted by Sonatype in the US sheds light on how...

Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...

Apexon partners with LambdaTest on digital experience testing

Apexon, a digital-first technology services company, and LambdaTest, a digital experience testing cloud, have teamed up to deploy cloud-based quality engineering and assurance solutions.

The collaboration will enable enterprise clients to accelerate time-to-market, improve user experience, and lower operational costs by building increased automation, agility, and security into their DevOps lifecycles.

The partnership brings together Apexon’s wide-ranging digital...