Microsoft

RedCodeAgent: Automatic red-teaming agent against diverse code agents

Code agents are AI systems that can generate high-quality code and work smoothly with code interpreters. These capabilities help streamline complex software development workflows, which has led to ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
SlashGear

Google Wants Its Latest AI Tool To Find And Fix Vulnerable Code Before It Becomes A Problem

Artificial Intelligence (AI) tools have sped up everything from app development and problem-solving to scientific discoveries and medical research. Yet, at the same time, experts have also warned ...
Dark Reading

Do Claude Code Security Reviews Pass the Vibe Check?

If there's anything that gives a seasoned application security (AppSec) professional indigestion these days, it's the thought of AI-assisted coding layered on top of an already insecure development ...
GitHub

When we run static code analysis tools like Fortify on Azure Functions dotnet 8 based project the build fails

Needs: Triage (Functions) potential-bugItems opened using the bug report template, not yet triaged and confirmed as a bugItems opened using the bug report template, not yet triaged and confirmed as a ...
Scientific Research Publishing

Benjamin Livshits, V. and Lam, M.S. (2005) Finding Security Vulnerabilities in Java Applications with Static Analysis. USENIX Security Symposium, 14, 18.

ABSTRACT: Security vulnerabilities are a widespread and costly aspect of software engineering. Although tools exist to detect these vulnerabilities, non-machine learning techniques are often rigid and ...
InfoWorld

10 Java-based tools and frameworks for generative AI

Java is not the first language most programmers think of when they start projects involving artificial intelligence (AI) and machine learning (ML). Many turn first to Python because of the large ...
sei.cmu

Silent Sentinel Tool Automates Software Risk Analysis

February 10, 2025—The way software is expected to perform does not always match the way it runs in production. Before installing software, system owners should assess its risks and impacts on their ...
SDxCentral

Endor Labs, 7 Others Launch Opengrep to Keep Static Code Analysis Open Source

Endor Labs has collaborated with Aikido Security, Arnica, Amplify, Kodem, Legit, Mobb, and Orca Security to introduce Opengrep, an initiative designed to maintain open access to static code analysis ...
Cyber Defense Magazine

Best Practices in Cybersecurity With Exhaustive Static Analysis To Secure Software Integrity

The complexity of modern software systems, coupled with the increasing sophistication of cyber threats, underscores the critical need for robust security measures. Ensuring software integrity is not ...
IEEE

Evaluating Python Static Code Analysis Tools Using FAIR Principles

Abstract: The quality of modern software relies heavily on the effective use of static code analysis tools. To improve their usefulness, these tools should be evaluated using a framework that ...