@theia has just published some guidance on integrating #GenerativeAI within a secure #SDLC program. I always look forward to hearing comments and feedback from others in the #infosec community, but this time around I hope to hear from the #softwareengineering and #softwaretesting communities too!
https://www.theia.institute/publications/integrating_ai_with_secure_sdlc/index.html
#generativeAI #sdlc #infosec #softwareengineering #softwaretesting
A kind of follow-up to my post yesterday, but this goes more into the software development lifecycle (#SDLC) of software combining classical and quantum computing. Figures 2 and 3 illustrate how both worlds could be combined into one SDLC.
#sdlc #quantumcomputing #quantum #softwaredevelopment #software
I've wrapped up SpotBugs/FindSecBugs in a bow 🎁 in a GitHub Action, so you can use it in GitHub Code Scanning - free for open source projects, and also available for paid users of GitHub Advanced Security.
SpotBugs and FindSecBugs work with JVM languages - Scala, Java, and Clojure, mainly.
https://github.com/marketplace/actions/spotbugs-with-findsecbugs
Point it at the results of the build, and go.
#GitHub #SAST #Scala #JVM #Clojure #Java #CodeSecurity #SpotBugs #FindSecBugs #DevSecOps #SDLC
I’ve released more GitHub Secret 🔑 Scanning 🔎 custom patterns, which you can use with Advanced Security.
Some are 🔥 (IMHO), some are for auditing only - e.g. my “common passwords” pattern, written to spot some of the most commonly leaked weak passwords - “P@55word123!” etc.
We have DataDog, Sentry, .Net configs, MS SQLServer user creation, and Bearer tokens.
https://aegilops.github.io/posts/new-github-secret-scanning-custom-patterns/
#github #secretscanning #appsec #sdlc #regex
I’ve released more GitHub Secret 🔑 Scanning 🔎 custom patterns, which you can use if you have Advanced Security.
Some are 🔥 (if I say so myself), some are for auditing only - e.g. my “common passwords” pattern, written to spot some of the most commonly leaked weak passwords - “P@55word123!” and the like.
We’ve got DataDog, Sentry, .Net configs, MS SQLServer user creation, and Bearer tokens.
#GitHub #SecretScanning #AppSec #SDLC #SecretsManagement #regex
Microsoft have an open job for a Security Program Manager for Open Source.
“Help us solve open source security challenges at scale, both for the company and the world. If you live at the intersection of open source, software engineering, security, and making things happen, please take a look… [It] is US-based, but…up to 100% remote”
https://jobs.careers.microsoft.com/global/en/job/1575779/Senior-Security-Program-Manager
#jobs #sdlc #appsec #opensource #OpenSSF #security #CodeQL
Peeps, can we maybe all agree to use Semver correctly, i.e. when a dep's patch version is updated, I don't even want to have to read the release notes, for minor updates I might check for nice new features and only for major bumps I MUST read the release notes. 🙏 #sdlc #sbom #keepingMySanity
In Part 3 of the #CTO Podcast 🎙️ with @etdebruin of @7ctos, @calvinhp talks about optimizing #development with #automation.
👉 LISTEN: https://t.co/QYjmX0khzf
🚀 Accelerate with the BEST Framework: https://t.co/Svtplwj5ms
#SDLC #softwaredevelopment #bestpractices https://t.co/oIqaCoRyIj
#cto #development #automation #sdlc #softwaredevelopment #bestpractices
Why does #EventModeling matter?
Agilists try to confuse people into thinking R&D (where you trial & error a lot and iterate) is engineering. It's only a part of engineering in the initial phase. #Engineering is working from the resulting blueprints and schematics to build in a reliable and predictable manner. #Agile software development is NOT engineering.
If you're new to this concept, go to EventModeling.org to read more.
#eventmodeling #engineering #agile #research #development #sdlc
Explore the ultimate framework for accelerating your Software Development Life Cycle (SDLC).
📆 Schedule a free demo of BEST: https://t.co/Svtplwj5ms
#sdlc #softwaredevelopment #bestpractices
✨ Want to learn more about accelerating your Software Development Life Cycle (#SDLC)? 🚀 Schedule a free demo of the BEST™ framework: https://t.co/ceDGbMko2b
"@datadoghq acquires @Codiga"
Love this! Lots of my time at @CATechnologies & @splunk was on #data-driven #ValueStreamManagement in #SDLC, incl. code quality & security scanning.
Smart pickup for $DDOG esp. since $SPLK abandoned #VSM & #DevTeam tools.
#data #valuestreammanagement #sdlc #vsm #devteam
Whoo... this is a meaty one, capturing (at a high level) pretty much everything I know today about the media library manager. Technically I'm caught up on the A-Z Blog Challenge (no posts outstanding) but I don't have one yet for tomorrow.
http://www.kjd-imc.org/blog/media-library-midpoint-status-check/
#medialibrary #sdlc #azblogchallenge #datamodeling
What with being two days behind schedule for 'L Day', 'Little Bit Late' could've been an acceptable title also.
http://www.kjd-imc.org/blog/media-library-learning-through-doing/
#medialibrary #sdlc #azblogchallenge #datamodeling
Expanding a little on column type definitions, tomorrow probably looking more specifically at how entities would be modeled.
#medialibrary #sdlc #azblogchallenge #datamodeling
There's a reason 'J' is worth 8 points in Scrabble. I ended up with something of a contrived post title for 'J' day.
Here, I take a look at the metadata options in calibre, and touch a little on how I think I might implement a similar concept in my media library (which I might expand on in tomorrow's post, if I can come up with a title starting with 'K').
http://www.kjd-imc.org/blog/media-library-just-what-metadata-is-there/
#medialibrary #sdlc #azblogchallenge #datamodeling
Right, I knew not all programming is the same, but I haven't had it hit this hard in a while. Time to crack some books.
#medialibrary #sdlc #azblogchallenge #todayilearn
"When #DevOps Meets #Security to Protect #Software"
Great in-depth piece w/ practical & actionable steps for developers & engineers to meet the #SDLC #cybersecurity imperative in their Software Supply Chain. So much more than lip service to #DevSecOps!
https://www.infoq.com/articles/devops-security-best-practices/
#devops #security #software #sdlc #cybersecurity #devsecops