PrimitiveType

Web Developer News

Slashdot.org News Recent news from Slashdot.org

Which Programming Language Has The Most Security Vulnerabilties?
 
A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?" An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each... The most common vulnerabilities across most of these languages are Cross-SiteScripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report. Across the seven most widely-used programming languages, here's how the vulnerabilties were distributed: C (47%) PHP (17%) Java (11%) JavaScript (10%) Python (5%) C++ (5%) Ruby (4%) But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like Open SSL and the Linux kernel." The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP. The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure." Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.

Read more of this story at Slashdot.


82-Year-Old Pope Francis Is 'First Pope To Write a Line of Code'
 
Long-time Slashdot reader theodp writes: After seeing to it that UK Prime Minister David Cameron, US President Barack Obama, and Canadian Prime Minister Justin Trudeau all received (widely-publicized) coding lessons, Code.org CEO Hadi Partovi noted in late 2016 that he was "still working on Pope Francis." GeekWire reports that Partovi was able to cross that one off his bucket list Thursday, as he helped Pope Francis become 'the first Pope to write a line of code' at a 'Programming for Peace' event organized by the Pope's foundation, Scholas Occurrentes, in Vatican City (not ready for Twitch.TV video). "In the 21st century, computer science is a fundamental subject that all students should learn," said Partovi, whose tech-bankrolled nonprofit has entered a partnership with Scholas to introduce children to computer science. "Schools should teach computer science to prepare students for the future, empower children with creativity and teach how to harness technology and creativity." The Pontiff's programming lesson comes a month after Partovi's next-door neighbor, Microsoft President and Code.org Board member Brad Smith, had a sit-down with the Pope to discuss the ethical use of AI and ways to bridge the digital divide between rich and poor nations.

Read more of this story at Slashdot.


Oracle's Surprise Unannounced Layoffs 'Clear-Cut Teams of Engineers'
 
Oracle "swung the layoff axe" Thursday, reports IEEE Spectrum, saying that the move "clear-cut teams of engineers." The exact numbers of employees cut and their specific roles have not been reported by the company, but the layoffs are clearly significant. Fifty in Mexico, 50 in New Hampshire, 100 in India, at least that many in Silicon Valley -- the numbers, according to anecdotal reports on theLayoff.com and from internal chatter, are adding up quickly.... Oracle's layoff day started at 5 a.m. Pacific Time, when an email from Oracle executive vice president Don Johnson with the subject line "Organizational Restructuring" arrived in employee inboxes. The email informed staff members that, going forward, everything in the company would revolve around the Oracle Cloud Infrastructure (OCI) operation... Then the email continued with a perky sentence that made some employees furious: "OCI's business is stronger than ever, and this team's future is bright." At approximately 10 a.m., I'm told, just five hours after that email, the layoffs began -- and according to anecdotal reports included significant cuts within at least part of that stronger-than-ever, bright-future cloud business. Those affected were given 30 minutes to turn in company assets and leave the building, and were told that Friday (today) would their last official day. "The morning felt like a slaughter," one Oracle employee told me. "One person after another...." And, that employee said, the layoff process was handled very badly, with entire teams being ushered into conference rooms as groups and told that they no longer had jobs. This employee indicated that technical teams, particularly those involved in product development and focused on software development, data science, and engineering, seemed to take the biggest hit. Business Insider reports that Oracle hasn't formally announced the number of people laid off, but adds that "One source we spoke to was told by his manager that 1,500 people worldwide were cut."

Read more of this story at Slashdot.


InternetNews.com News Recent news from InternetNews.com

IT Earnings Way Up at Job Site Elance
 
Google App Engine, HTML5, search engine optimization and social media marketing are among the fastest movers on Elance's list of hot job opportunities available online.

Say What? The Week's Top Five IT Quotes
 
Google Wave crashes, fighting to keep mainframe skills alive, beware the Outernet and more.

GPL Enforcement Notches Another Victory
 
The license at the heart of many open source projects is amassing a winning record when it comes to successfully pursuing enforcement lawsuits.