Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What are some of the growing cybersecurity risks in the modern software development landscape that keep CISOs busy? Developers and security teams face an ever-increasing array of threats, from sophisticated open source and vendor-controlled supply chain attacks to vulnerabilities introduced by AI-generated code like prompt injection and poor code security by GitHub Copilot.

Snyk, a leading provider in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2024 Gartner Peer Insights Voice of the Customer for Application Security Testing for a third consecutive year. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding user interest, adoption, and overall experience.

Most modern applications contain a substantial number of open source packages, libraries, and frameworks. In fact, it's estimated that at least 80% of the source code in modern applications is from open source. In addition to relying heavily on commodity components to build applications, development teams often deploy these apps and services via community-sourced container base images.

On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.

In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.

C and C++ remain foundational in critical software development. These languages power a wide array of systems, from embedded devices to high-performance applications in manufacturing, operational technology (OT), and the industrial market. Their efficiency, control over system resources, and performance make them indispensable for developers working on mission-critical projects.

Thousands of our customers are leveraging Snyk to implement their DevSecOps and shift-left strategies. However, with the increasing speed and complexity of applications, we also know it’s harder to stay in sync with development. It is increasingly difficult to maintain a clear view of all the software assets being developed, identify ownership and their importance to the business, and, most importantly, ensure that these assets are properly secured by Snyk.

Snyk Learn, our developer security education platform, just got better! We have expanded our lesson coverage and created a new learning path that covers the OWASP Top 10 for LLMs and GenAI, and is entirely free! As AI continues to revolutionize industries, ensuring the security of AI-driven systems has never been more critical.

The Snyk team is excited to announce that our FedRAMP sponsor, the Center for Medicare and Medicaid (CMS), has granted authorization (ATO), enabling their teams to leverage our public sector offering, Snyk for Government (SFG). This stage signifies that we are almost at the finish line of the FedRAMP process and points to our continued investment and support of public sector organizations in their application security efforts.

As a software developer, ensuring the security of your applications is paramount. A crucial part of this task involves managing secrets and employing a secrets detection tool. In this context, secrets refer to sensitive data such as API keys, database credentials, encryption keys, and other confidential information. Their unauthorized access or exposure can lead to catastrophic consequences, including data breaches and severe business losses.