Skip to main content

Posts

From Phishing to Vishing: Why DevSecOps Must Rethink Communication Security

Key Takeaways: Vishing is the new frontline threat: Attackers are shifting from emails to phone-based scams, using AI and social engineering to bypass traditional security controls. DevSecOps must expand its scope: Securing code is no longer enough; communication channels like voice, chat, and messaging must be integrated into threat models and security pipelines. Human and technical defenses must work together: Strong architecture (encryption, authentication, Zero Trust) combined with employee awareness and verification practices is key to stopping modern social engineering attacks. As cybercriminals shift from email to phone lines, security professionals need to expand their scope. As a result, voice phishing or “vishing”, which involves social engineering through telephones or VOIP, is becoming increasingly common alongside traditional email phishing. Recent statistics indicate an exponential rise in vishing cases, which cost people over $1.2 billion in 2023. In this day and ...
Post a Comment
Read more
Recent posts

Shift-Left Performance Testing in CI/CD: A Practical LoadRunner Framework

CI/CD pipelines speed up software delivery, but performance testing is often delayed, resulting in late feedback and costly fixes. Many teams run tests earlier but fail to enforce performance as a deployment gate. This article provides a practical framework for integrating LoadRunner Enterprise into CI/CD pipelines, enabling continuous, automated and enforceable performance validations with early regression detection. The Problem: Shift Left in Theory Vs. Reality Despite the theory, many teams: Run tests only in QA or staging Perform manual reviews without automated enforcement Fail to block deployments when performance thresholds are breached The Real Challenge: It’s not the tools — it’s integration and enforcement. Shift left is effective only when performance is a primary release criterion, not just an earlier activity. Why Early Performance Validation Matters Delayed testing leads to late bottleneck discovery, slow feedback and production incidents. Integrating performan...
Post a Comment
Read more

Akrites: The Latest Attempt to Protect Open-Source From AI Attacks Has Arrived

Akrites, a new Linux Foundation initiative backed by many of the world’s largest tech and financial firms, is the industry’s latest attempt to get ahead of AI‑accelerated software supply chain risks by hardening critical open source projects before attackers can exploit them. On June 25, the Linux Foundation unveiled Akrites , a coordinated industry program designed to find, fix, and responsibly disclose vulnerabilities in open-source software exploited by AI-based attackers. It’s not the first such effort. But Akrites may be the most comprehensive. One such initiative is Chainguard’s Athena coalition , which seeks to repair open-source flaws before attackers can exploit them. Another is IBM and Red Hat’s Project Lightwell , which has similar goals. These two, however, seek to provide safe code and a platform for managing compliance, SBOMs, and governance across heterogeneous open‑source supply chains. Akrites’ mission, on the other hand, is to give the indus...
Post a Comment
Read more

AI Is Exposing a Growing Blind Spot in Open Source Security

With AI, teams across organizations are now building internal applications faster than ever, often pulling in open source libraries and frameworks without much thought about long-term support, lifecycle management, or security ownership. An unintended consequence of this is that unsupported open source software (OSS) is quietly spreading across environments faster than security and engineering teams can keep track of it. Most organizations already struggled with open source visibility before AI-assisted development became mainstream. Now, many are also accumulating technical debt at a much faster rate, creating future maintenance, security, and migration obligations every time new dependencies are introduced. The question is no longer simply how fast organizations can build software with AI. It’s whether they can securely govern and sustainably support the software ecosystems they are creating. Unsupported OSS is Becoming a Major Blind Spot Many organizations already have unsu...
Post a Comment
Read more

Qodo Extends Reach and Scope of AI Code Review Platform

Qodo this week extended its platform for managing code quality and governance to enable an artificial intelligence (AI) agent to review code spanning multiple repositories. Additionally, version 2.8 of the Qodo platform adds a custom rules miner that discovers coding patterns from existing codebase behavior and pull request (PR) history that are then used to create structured, enforceable rules. Finally, Qodo has added an ability to discover AI skills that contain code review instructions, coding standards, and engineering best practices across multiple repositories. The platform surfaces those skills in a portal that enables DevOps teams to centrally manage and assess their impact on software engineering workflows. Qodo CEO Itamar Friedman said these capabilities extend an agentic AI platform for governing code that is based on graph technology that tracks the relationships that exist between code. Whenever a pull request (PR) modifies a shared dependency, the agent reads the rep...
Post a Comment
Read more

HeroDevs Allies with Commonhaus Foundation to Support Open Source Software

HeroDevs this week revealed it has joined the Commonhaus Foundation as the founding member of the Open Source Sustainability Initiative (OSSI) after establishing partnerships with the open source Hibernate, Jackson, and Quarkus communities to provide commercial support for older versions of these frameworks. OSSI is a framework administered by the Commonhaus Foundation through which governance of open source software projects is provided. HeroDevs COO Rob Nalen said the provider of end-of-life support services for open source software sees a clear need to work more closely with maintainers of open source projects that don’t have the resources required to support enterprise IT organizations that for one reason or another are not able to upgrade to the latest version of an open source software framework in a timely manner. The alliance between HeroDevs and the Commonhaus Foundation, in effect, buys enterprise IT teams, especially if they operate in highly regulated industries, the ti...
Post a Comment
Read more

Undo Enables AI Agents to Diagnose Root Cause of Application Issues

Undo today revealed that its platform for recording interactions within applications can now be accessed by artificial intelligence (AI) agents via a Model Context Protocol (MCP) server. Company CEO Greg Law said this Undo AI capability makes it simpler for any agent to discover the root cause of any issue that otherwise would have required weeks or months to discover. That capability is now more critical than ever at a time when AI tools are generating massive amounts of code that is overwhelming the ability of humans to actually review, he added. The Undo platform records the complete execution of a program, including every instruction, variable, thread event and system call. That approach captures causality in a way that is deeper than what can be diagnosed solely by relying on log analytics and traces, said Law. An AI agent can then query the recording in the same way they reason about static code to determine exactly how an application functions, he added. Armed with those ins...
Post a Comment
Read more