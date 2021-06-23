Cancel
Veracode: 79% of devs don’t update third-party libraries in their code

By VB Staff
VentureBeat
 7 days ago

Cover picture for the articleThe Veracode State of Software Security (SoSS) v11: Open Source Edition found that 79% of the time, third-party libraries are never updated by developers after being included in a codebase. This edition of SoSS focuses on open source applications and components — and based on the analysis of 13 million scans of more than 86,000 repositories containing more than 301,000 unique libraries. The analysis also includes survey results on the use of third-party software from nearly 2,000 developers.

venturebeat.com
Recipestechnonu.com

TikTok already allows third-party integrations in videos

It’s official, TikTok presents Jump as a way that creators around the world can now expand the dynamics of your videos in association with third-party integrations. TikTok defines Jump as mini-programs and services that creators can link to within their videos, and that it has been in limited testing with select creators and a number of third-party partners since last February.
Coding & ProgrammingAtomic Spin

Using Docker as a Dev Environment with VS Code: Part 2

In my last post, I covered the basic process of setting up VS Code to allow you to use Docker as a development container. This is sufficient for a simple project. However, your average full-stack web project may require several containers running together. Today, I’m going to explore a strategy for using VS Code Remote-Containers and Docker Compose to develop a complex project.
Video Gamesinputmag.com

How to use a third-party controller with Luna

Want to try out Amazon’s new game streaming service, Luna? An above-average internet connection isn’t the only thing you’ll need. Luna is a cloud-based game service, which means you can download the Luna app or open the service in a browser and play on lots of different devices, including an iPhone or Android, a Fire TV stick, or your computer. While you won’t need a console...
Economysecurityboulevard.com

Third-party Data Breaches: A Rising Threat

As the infamous SolarWinds Attack wreaked havoc on several organizations around the world, the importance of including supply chain risk management in an organization’s security framework became glaringly clear. The attack served as a reminder that security and privacy risks can come from a variety of vectors, including third-party service providers and vendors.
Softwaresecuritysenses.com

Glaring Gap in Open Source Security: Veracode Finds 80 percent of Libraries Used in Software Are Never Updated

BURLINGTON, Mass., June 22, 2021 – Veracode, the largest global provider of application security testing (AST) solutions, today launched new research that finds nearly 80 percent of the time, third-party libraries are never updated by developers after being included in a codebase - despite the fact that more than two thirds of fixes are minor and non-disruptive to the functionality of even the most complex software applications. Open source libraries constantly evolve so what appears secure today may no longer be so tomorrow, potentially creating a significant security risk for software vendors and users. The Veracode State of Software Security (SoSS) v11: Open Source Edition analyzed 13 million scans of more than 86,000 repositories containing more than 301,000 unique libraries, and also surveyed nearly 2,000 developers to understand how they use third-party software.
InternetFudzilla

Google delays third party cookie phase out

Google is announcing today that it is delaying its plans to phase out third party cookies in the Chrome browser until 2023, a year or so later than originally planned. While browsers like Safari and Firefox have already implemented some blocking against third party tracking cookies, at the moment Chrome's shift to blocking is a lot more important.
SoftwareThe Windows Club

Fix error code 0xc1420121, Couldn’t install Windows 10 Feature Update

This article lists the possible solutions to fix the error code 0xc1420121, We couldn’t install this Windows 10 feature update. One cause of this error is system file corruption. Some users have also stated that they started experiencing this error on their system after installing the Macrium Reflect software. We...
Coding & Programmingappdevelopermagazine.com

ABBYY updates machine learning library

ABBYY has announced a major update for NeoML adding support of the Python programming language, and offers 5-10x speed improvements as well as 20+ new ML methods. ABBYY announced a major update for NeoML, its cross-platform open-source machine learning library that allows developers to build, train and deploy machine learning models. The update adds support of the Python programming language, the most popular language for machine learning and AI. The framework also offers 5-10x speed improvements as well as 20+ new ML methods including 10 network layers and optimization methods. Additionally, NeoML now supports Apple M1 chips, GPU on Linux-based machines, and Intel GPU. This significantly expands addressable use cases and scenarios for the library while enabling more developers to use it to build AI-powered applications and solutions.
Cell PhonesTechRepublic

GoPro introduces API initiative for third-party developers

The move timed to a Hero9 Black firmware update is intended to allow new, innovative connections, the company says. GoPro announced on Tuesday an open API initiative for HERO9 Black integrations from third-party developers. According to a news release, Open GoPro is live with the release of the camera firmware update v1.6. The Open GoPro API (available on GitHub) is the primary way for users to interact with a GoPro camera, the company says on its website.
Cell Phonesvmware.com

send notification to third-party and license utilization

Currently examining the notification functions of vRealize Operations 8.4. I found this doc about the notification settings: https://docs.vmware.com/en/vRealize-Operations-Manager/8.4/com.vmware.vcom.core.doc/GUID-86831697-53... and would like to confirm whether vROPS can be configured to send alerts/notifications to third-party apps or not??. The plan is to utilize smartphone apps (e.g. telegram, whatsapp, line...)to receive warnings from...
Electronicspetapixel.com

GoPro Launches API for 3rd-Party Devs to Integrate the HERO9 Black

GoPro has announced Open GoPro, a new open API initiative that allows third-party developers to integrate the HERO9 Black action camera into their projects. “Do you love to develop, tinker, or hack?” GoPro writes on the new API site. “Open GoPro is an easy-to-access, limited-support software platform for developers to tailor their HERO9 Black cameras to fit their needs or build it into their product through a wireless connection (BLE or Wi-Fi).”
Softwarenationalcybersecuritynews.today

Salesforce adds low-code dev tools to its platform | #itsecurity | #infosec

Salesforce has added new development tools to its platform to enable customers to create and ship apps regardless of technical skill or role. Its Salesforce Platform now sports low-code tools for interactive app development and automation and new elastic computing, AI-driven data protection, identity management, and DevOps capabilities. Salesforce said this new functionality would accelerate business outcomes and allow anyone in an organisation, such as business users, admins, designers, and developers, to build apps and processes using low code.
SoftwareForbes

Is In-House Or Third-Party Delivery Right For Your Company?

Co-Founder and CEO of Onfleet. In the past year, quick and high-quality delivery has become the norm for customers. As a result, it has become a must-have for retailers in every industry. This trend is showing no signs of slowing down, so many retailers have started developing and implementing long-term delivery strategies. However, with a variety of third-party delivery companies out there, many retailers are likely asking themselves: Should we outsource our delivery or take it in-house?
Technologywhatsnewinpublishing.com

Why great content beats third party cookies

2022 will mark the end of an era: the death of the third party cookie. After Google announced they would be phasing out this cookie, which gathers user data across platforms and makes it available to advertisers, the marketing and online publishing industry has been on a state of high alert.
InternetComputer Weekly

Google hands third-party cookies a stay of execution

Google has postponed the introduction of its planned Privacy Sandbox initiative – including the timeline for the phasing out third-party cookies in the Chrome web browser – to the middle of 2023, saying it has “become clear” that it needs more time to get things right. This comes less than...
SoftwareTech Times

Lightrun is Redefining Code Observability and Debugging

The experience of being a developer has changed drastically over the last few years. This has naturally led to the creation of a number of companies that have created products and services specifically tailored to help developers. Despite this, there are few of these companies that truly stand out. Recently, however, there has been a newer entrant to the market of developer-led startups and they are allowing developers to get a piece of software that helps them to work more efficiently by creating full visibility of their existing code . This company is called Lightrun, and was founded in 2019 by Ilan Peleg and Leonid Blouvshtein and has gone from strength to strength since then.
Softwarevmblog.com

Red Hat Expands Workload Possibilities Across the Hybrid Cloud with Latest Version of OpenShift

Red Hat, Inc. announced Red Hat OpenShift 4.8, the latest version of the industry's leading enterprise Kubernetes platform. Providing a powerful foundation to develop and connect diverse workloads across the hybrid cloud, Red Hat OpenShift 4.8 helps organizations accelerate the creation of new cloud-native applications without abandoning existing environments and IT investments.
SoftwareVentureBeat

Microsoft launches Azure Arc-enabled SQL in general availability

Microsoft today announced the launch of Azure Arc-enabled SQL, which extends Azure services to instances hosted on an edge datacenter or in a multicloud environment. Coinciding with this, the company rolled out an expanded Azure Arc partner ecosystem, validating Azure Arc against distributions including Dell PowerFlex, Red Hat OpenShift, and VMWare Tanzu.
SoftwareVentureBeat

Copado acquires Qentinel to bring multicloud software testing to DevOps

Copado, a developer operations (DevOps) company initially built for the Salesforce ecosystem, has announced plans to acquire AI-powered software testing platform Qentinel. Terms of the deal were not disclosed. The software testing market was estimated to be worth $45.6 billion last year, a figure that’s expected to more than double...