Cyber Defense Magazine

The New AI Arsenal: Why LLMs and Transformers Matter for CISOs

As Chief Information Security Officers (CISOs) and security leaders, you are tasked with safeguarding your organization in an ...
Communications of the ACM

Safe Coding

Safe coding is a collection of software design practices and patterns that allow for cost-effectively achieving a high degree ...

Azul Warns Enterprises of Looming Java Application Modernization Crisis as Multiple Java Versions Near End of Support

Azul, the trusted leader in enterprise Java for today’s AI and cloud-first world, today warned enterprises of a growing Java application modernization crisis driven by technical debt and converging ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

Why LLMs are plateauing – and what that means for software security

AI coding assistants and agentic workflows represent the future of software development and will continue to evolve at a rapid pace. But while LLMs have become adept at generating functionally correct ...
Software Engineering Institute

Temporal Memory Safety in C and C++: An AI-Enhanced Pointer Ownership Model

This podcast explores updates to the Pointer Ownership Model for C, a modeling framework designed to improve the ability of developers to statically analyze C programs for errors involving temporal ...
IEEE

Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection

Abstract: Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, ...
InfoWorld

How pairing SAST with AI dramatically reduces false positives in code security

In our study, a novel SAST-LLM mashup slashed false positives by 91% compared to a widely used standalone SAST tool. The promise of static application security testing (SAST) has always been the ...