Snowflake Native Application Framework aims to help developers build and monetise apps

Piles of Euro notes.

Snowflake, the Data Cloud company has launched a Native Application Framework to empower developers to build, monetise and deploy applications.

Currently in private preview, developers can build applications and monetise them on Snowflake Marketplace, and consumers can securely install and run those applications, directly in their Snowflake instances, reducing the need for data to be moved. Snowflake is committed to providing its customers and partners with the best platform for...

80% of Spring framework downloads are exploitable versions

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions.

Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE publication.

Spring4Shell allows unauthenticated remote code execution. This week, the US...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.

Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

However, attention is now shifting to the Spring4Shell exploit.

Spring4Shell is a zero-day remote code execution (RCE)...

2022 Java Developer Productivity Report: Teams aren’t realising the promise of microservices

The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.

Developers are often finding that microservices and CI/CD are decreasing their productivity rather than improving. 

Among CI/CD users, 42 percent of respondents report build completion times of over five minutes. The most common (33%) response was build times exceeding 10 minutes.

The highest...

Ruby on Rails creator: 7.0 ‘is the version of Rails I’ve been longing for’

David Heinemeier Hansson, the creator of Ruby on Rails, says 7.0 is the version he’s “been longing for”.

Version 7.0 was released last Wednesday and brings with it several major upgrades:

https://www.youtube.com/watch?v=mpWFrUwAN88

Hansson says 7.0 is “the one where all the cards are on the table. No more tricks up our sleeves. The culmination of years of progress on five different fronts at once.”

Among the back-end upgrades is the ability for...

Google’s latest framework aims to prevent SolarWinds-like supply chain attacks

Google has unveiled a new framework called Supply chain Levels for Software Artifacts, or SLSA (pronounced "salsa").

The intention of SLSA is to help prevent the growing number of devastating supply chain attacks in recent years—such as the SolarWinds and CodeCov hacks.

Google describes SLSA as "an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain."

The company says that SLSA is inspired by its own...

O’Reilly: Python leads languages, React for web development, and ML/AI interest grows

Education giant O’Reilly has released data about its online platform which highlights some interesting software development trends.

The headline finding is that Python continues to be the programming language with the most interest.

Given the growth in topics relating to Python such as AI – and the language often considered the best to pick up for new developers – it’ll perhaps come of little surprise to hear of its popularity.

O’Reilly highlights...