TheServerSide

Best Java static code analysis tools for code quality automation

One of the best ways to protect your software project from avoidable bugs is the use of Java static code analysis tools. These tools can help identify and fix problematic code before it reaches ...
CSOonline

Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk

A remote code execution vulnerability in Spring Framework has sparked fears that it could have a widespread impact across enterprise environments. Spring is one of the most popular open-source ...
Dark Reading

The Truth Behind Code Analysis

Quick, which one of these statements is correct? Open source software is more secure than closed source. Proprietary software is more secure than open source. The answer is neither one! Software is ...
TheServerSide

A bug fix always beats a round of risk assessments

Community driven content discussing all aspects of software development from DevOps to design patterns. When static code analysis tools identify a bug in the production code, there are two approaches ...
InfoWorld

High-risk open source vulnerabilities on the rise, Synopsys reports

The company’s annual Open Source Security and Risk Analysis report finds widespread use of open source components with high-risk vulnerabilities. Nearly three-quarters of codebases assessed for risk ...
ZDNet

Java security hole could put some servers at risk

Sun Microsystems has revealed a security hole in several versions of a critical component of Java that could allow an attacker to run harmful programs on a victim's computer. The vulnerability appears ...