InfoWorld

Shipping enterprise-quality code with AI agents

How we can increase software development velocity with AI-assisted coding without the hangover of runaway technical debt.

Devs know AI code is riddled with holes, but ship it anyway

Research by AppSec biz Checkmarx finds that 70 percent of developers believe AI-generated code has more vulnerabilities, and ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...
Forbes

From 'Shift Left' To 'Shift Smart': Why AI Agents Will Replace Static Analysis

Over the years, "shift left," a development practice that shifts testing, QA and security initiatives "left" on the timeline, has become the cornerstone of DevSecOps. I've watched it become the ...
cybermagazine

Will Anthropic's Claude Code Security Replace Cyber Tools?

Anthropic launched Claude Code Security to hand defenders an AI powered vulnerability scan and patch tool, which left cybersecurity stocks crumbling The team at Anthropic has decisively stepped into ...
The New York Times

This A.I. Tool Is Going Viral. Five Ways People Are Using It.

Claude Code generates computer code when people type prompts, so those with no coding experience can create their own programs and apps. By Natallie Rocha Reporting from San Francisco Claude Code, an ...
IEEE

Static Code Analysis of IEC 61131-3 Programs: Comprehensive Tool Support and Experiences ...

Abstract: Static code analysis techniques examine programs without actually executing them. The main benefits lie in improving software quality by detecting problematic code constructs and potential ...
sei.cmu

Automated Code Repair for C/C++ Static Analysis

Details the application of design, development, and performance testing to an automated program repair tool we built that repairs C/C++ code. Static analysis (SA) tools produce many diagnostic alerts ...
InfoWorld

Microsoft C++ static analysis tool bolsters warning suppressions

The Microsoft C++ Code Analysis tool has been updated to provide better tracking, justification, and overall management of warning suppressions. These improvements lead to a more maintainable and ...
Scientific Research Publishing

Benjamin Livshits, V. and Lam, M.S. (2005) Finding Security Vulnerabilities in Java ...

ABSTRACT: Security vulnerabilities are a widespread and costly aspect of software engineering. Although tools exist to detect these vulnerabilities, non-machine learning techniques are often rigid and ...