Coding Standards Content on InfoQ

  • SSH Backdoor from Compromised XZ Utils Library

    When Microsoft engineer Andres Freund noticed SSH was taking longer than usual, he discovered a backdoor in xz utils, one of the underlying libraries for systemd, that had taken years to be put in place. The backdoor had found its way into testing releases of Linux distributions like Debian Sid, Fedora 41 and Fedora Rawhide but was caught before propagating into more highly used stable releases.

  • Building a Dedicated Platform for Frontend Developers at the Norwegian Government

    Recognizing the challenges faced by frontend developers, the Norwegian Labour and Welfare Administration decided to build a dedicated platform to address their needs. It offers services like a CDN, an observability stack for monitoring and debugging, and feature management using Unleash. The platform is treated as a product to drive adoption and improve the developer experience.

  • Learn to Fight Cyberattacks in 2023: Steve Poole's Call to Action at Devoxx

    Almost a year after the world was shelled by log4, Sonatype’s Steve Poole, a long-time secure code promoter, sounded the alarm regarding the advancement of cyber attacks during his Devoxx talk. Cyberwarfare is a reality, and countries use cyberattacks to fight other countries. More than awareness, the talk gives us hope by revealing the tools each developer has at hand to fight this evil.

  • Amazon Unveils ML-Powered Coding Assistant CodeWhisperer

    Amazon launched CodeWhisperer, an ML-Powered Coding Companion which provides code recommendations based on developers' comments in natural language and their code in the integrated development environment. The machine learning-powered service increases developer productivity.

  • Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates

    Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.

  • Rust 2021 Edition is Here: Q&A with Armin Ronacher

    Rust 2021 Edition hit the road perfectly on schedule on October 21, along with Rust 1.56.0. The latest version of the language includes support for disjoint capture, or patterns in macro rules, and more. InfoQ has taken the chance to speak with Sentry director of engineering, Armin Ronacher, about where Rust is standing now.

  • IBM Fully Homomorphic Encryption Toolkit Now Available for MacOS and iOS

    IBM's Fully Homomorphic Encryption (FHE) Toolkit aims to allow developers to start using FHE in their solutions. According to IBM, FHE can have a dramatic impact on data security and privacy in highly regulated industries by enabling computing directly on encrypted data.

  • Microsoft Exploring Rust as the Solution for Safe Software

    Microsoft has been recently experimenting with Rust to improve the safety of their software. In a talk at RustFest Barcelona, Microsoft engineers Ryan Levick and Sebastian Fernandez explained the challenges they faced in using Rust at Microsoft. Part of Microsoft's journey with Rust included rewriting a low-level Windows component, as Adam Burch explained.

  • SAP Open Sources Java SCA Tool

    SAP open sources a tool to detect known vulnerabilities in Java/Python applications through software composition analysis.

  • Learning to Code Better with Lean Coding

    Lean coding aims to provide insight into the actual coding activity, helping developers to detect that things are not going as expected at the 10-minute level and enabling them to call for help immediately. Developers can use it to improve their technical skills and become better at writing code.

  • Zeppelin: a Secure Smart Contracts Open-Source Framework for Blockchain Applications

    Zeppelin is an MIT-licensed, open-source framework for developing secure smart contracts for blockchain applications. It's a community effort pioneered to ensure only secure, tested and audited smart contract code makes it to a production blockchain, to reduce incidents such as "The DAO" hack. Zeppelin is intended to be blockchain-agnostic, but in the beginning they are focusing on Solidity tools.

  • Continuous Deployment at Coolblue

    Continuous deployment results in a higher sense of responsibility and better quality of deployments, argues Paul de Raaij, technical pathfinder at Coolblue. Coding standards prevent your code base from becoming a mess, automated inspections are great for tedious and boring checks, and manual checks are great for checking if the logic or use of code actually makes sense.

  • Challenges When Implementing Microservices and Why Programming Style Matters

    Fred George talked about the Challenges in Implementing MicroServices and The Secret Assumption of Agile at the GOTO Amsterdam 2015 conference. InfoQ interviewed him about how to make microservices as small as possible, challenges when implementing microservices and how to deal with them, why programming style matters, and what developers can do to develop their code writing skills.

  • Mixing Agile with Waterfall for Code Quality

    The 2014 CAST Research on Application Software Health (CRASH) report states that enterprise software built using a mixture of agile and waterfall methods will result in more robust and secure applications than those built using either agile or waterfall methods alone. InfoQ interviewed Bill Curtis about structural quality factors, and mixing agile and waterfall methods.

  • DidFail: a Free Android Tool to Detect Information Leakage

    The CERT Secure Coding team has recently released a freely available tool capable of analysing the leakage of sensitive information from an Android app. CERT researchers claim their tool "is the most precise taint-flow static analysis tool for Android apps."
