News

Nearly half (45%) of AI-generated code contains security flaws despite appearing production-ready, new research from Veracode ...
"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using the Java programming language. InfoQ spoke with the book's authors on how these rules can help Java developers.
Secure coding: Prevent unauthorized access through path traversal (CWE-22). CWE-22 describes the improper modification of a path name to a restricted directory. How can the vulnerability be addressed?
WhiteHat Security, a Web security company, recently announced the latest edition of the “WhiteHat Security Website Security Statistics Report,” which takes a deeper look into the security of a number ...
A new product from computer security firm @stake Inc. will help developers search computer code for errors, security holes and other flaws that malicious hackers can use to break applications ...
New Java zero-day flaws uncovered by Security Explorations, a Poland-based vulnerability research firm, can be used by an attacker to execute code on a victim's computer.
The flaw allowed untrusted Java code, executing within an otherwise secure JVM, to invoke any executable (i.e., format) if the code had been given the legitimate ability to invoke at least one ...
There’s really nothing new under the sun when it comes to addressing security vulnerabilities in ...
New research from software security specialist Fortify reveals that bugs are far less common in Java compared with commercial C/C++ code ...
The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016. The flaw is in how .NET coding libraries handle deserialization operations, leading ...