
Posts

Version 1.0 of SLSA provides specifications for software supply chain security

The Open Source Security Foundation (OpenSSF) has announced the release of the first version of its supply chain security framework, Supply-chain Levels for Software Artifacts (SLSA). The project provides specifications for the software supply chain that were established by community consensus. SLSA’s framework is split into several levels of increasing security rigor, so users can be confident that software has not been tampered with and can be traced back to its source. “The OpenSSF is working hard to put more rigor into the software development process,” said Brian Behlendorf, general manager of the OpenSSF. “The stable release of SLSA v1.0 is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software.” According to the OpenSSF, SLSA’s specifications can be helpful for software consumers and producers alike. Producers can follow the guidelines to increase the security o

Node.js 20 released with new experimental permission model

The new permission model is designed to provide better security. It allows developers to restrict access to certain resources during program execution, including restricting access to the file system, restricting process spawning, and restricting the ability to create worker_threads. According to the feature roadmap, upcoming additions to the permission model will include adoption by package managers, support for path.resolve in C++, support for kFileSystem as a THROW_IF_INSUFFICIENT_PERMISSIONS argument, and the ability to read permissions from a configuration file. Another big change in this release is that the V8 engine has been updated to version 11.3, which brings five new features: String.prototype.isWellFormed and toWellFormed, methods that change Array and TypedArray, resizable ArrayBuffer and growable SharedArrayBuffer, the RegExp v flag with set notation and properties of strings, and WebAssembly Tail Call. “With the addition of the experimental Permission Model and u

Harness announces new Jira integrations

The software delivery platform provider Harness today announced the release of the Harness Continuous Integration (CI) module and Harness Feature Flags, which give customers visibility into feature development and release information within Jira Software. “Integrating Harness and Jira Software through Harness CI and Feature Flags provides users what they need most today: a consolidated view of issues across different environments in the development lifecycle,” said Richard O’Connell, head of partner growth at Atlassian. “From the creation of a Jira ticket to the deployment in different environments, all users – from project managers to non-technical users – are able to understand and digest the latest deployment information, without the need to navigate to another tool.” Harness CI dramatically reduces pipeline execution time by automatically caching well-known directories for Java and Node.js. It is also available in hybrid and fully self-managed offerings for organizations with high

GrapeCity’s ComponentOne 2023 v1 includes a new multi-column combobox for the WinForms edition

GrapeCity, provider of enterprise software development tools, today announced ComponentOne 2023 v1, the company’s first major software release of the year. With this, users gain a new multi-column combobox for the WinForms edition, new gauges for the WPF edition, GeoJSON support added to maps for WinForms and WPF, and FlexGrid improvements. C1MultiColumnCombo, the multi-column dropdown control, offers users support for data binding, searching, filtering, highlighting, selection, and data sorting. The control is a .NET 6 library, but it functions in both .NET 6 and 7 applications. The 2023 v1 release also allows WinForms and WPF developers to add shapes on maps utilizing GeoJSON files. According to the company, the GeoJSON capabilities include points that let .NET developers add addresses and locations, line strings representing streets, boundaries, polygons that mark the political borders of countries, and provinces. Additionally, the ComponentOne team has rewritten the WPF gau

InstallAware improves IDE’s visual designers and setup engine in Multi Platform Beta 4

InstallAware announced updates such as instant access to commonly used operations, setup build modes with output folders, significant improvements to the IDE’s visual designers and the setup engine, and more in the latest Multi Platform Beta 4 release. Developers can benefit from larger IDE fonts and unified dialog theme file names in the latest beta. InstallAware Multi Platform is an application repackager for macOS and Linux that enables developers to discover changes made by any process, package, or setup. The platform was created because, on macOS, most apps don’t come with an uninstaller. While drag-and-drop apps that are placed in the /Applications folder don’t pose much of a problem, apps that come with standard macOS PKG installers cannot be uninstalled automatically, which is surprising in this day and age, according to Francesco Toscano, developer manager at InstallAware Software. As for Linux, there are so many incompatible package managers with their own uniqu

How Capital One Uses Python to Power Serverless Applications

Cultivating a loyal customer base by providing innovative solutions and an exceptional experience should be the goal of any company, regardless of industry. This is one of the main reasons why Capital One uses Python to power a large number of serverless applications, giving developers a better experience as they deliver business value to customers. Python has a rich toolset with codified best practices that perform well in AWS Lambda. Capital One has been able to take modules, whether they were developed internally or from the Python community, and put them together to build what is necessary inside of a fully managed compute instance. “We have vibrant Python and serverless communities within Capital One which has helped us advance this work,” said Brian McNamara, Distinguished Engineer. Why Python for Serverless: Python and serverless practices are closely aligned in the development lifecycle, which allows for quick feedback loops and the ability to scale horizontally. Using Py

Barbara Liskov Biography (Ruchi Mishra, The Crazy Programmer)

Barbara was born on November 7, 1939, in Los Angeles, California. She has done great work in the field of programming languages. In 2008, she received the prestigious Turing Award in computer science. She is the second woman to receive the Turing Award. The Liskov Substitution Principle, which she developed, captures the basic nature of data abstraction and is used in type theory and object-oriented programming.

Name: Barbara Jane Huberman Liskov
Birth Date: November 7, 1939
Birth Place: Los Angeles, California
Field of Work: Programming Languages, Computer Science
Education: Bachelor’s degree in Mathematics from the University of California, Berkeley; Ph.D. from Stanford University
Notable Positions: NEC Professor of Software Science and Engineering, Ford Professor of Engineering, MIT Institute Professor
Key Contributions: Liskov Substitution Principle, Venus Operating System
Notable Awards: Discover Magazine’s 50 Most Important Women in Science, IE

How does blockchain fit into today’s enterprise?

Web3. Cryptocurrency. Non-fungible tokens. Those are the words many think of when they hear the word blockchain. These are the areas where this emerging technology has garnered the most popularity over the years, but blockchain as a technical concept can be applied in many different ways, and it has uses in the enterprise, particularly when it comes to supply chain management. “There’s — less so now — I think a conflation of Bitcoin and cryptocurrencies and blockchain that’s becoming better over the years that I’ve been engaging in it,” said Cindy Vestergaard, VP of special projects and external relations at blockchain API company RKVST. “What is less known is that actually a couple of months before the Bitcoin whitepaper was that Estonia was already looking at distributed ledger technology (DLT) for securing services among its citizens and protecting its citizens’ data. So while Bitcoin gets all the popularity, it’s actually the enterprise, if you will, or the permissioned DLT pl

Code Intelligence uncovers a DoS vulnerability in the Spring Framework

Automated software security company Code Intelligence has recently discovered a Denial of Service (DoS) vulnerability (CVE-2023-20863) in the Spring Framework. This is the second DoS vulnerability that Code Intelligence has found in the Spring Framework over the past few weeks. The previous finding in Spring was CVE-2023-20861, which has a CVSS score of 5.3, while the new finding has a higher score of 7.5. The CVSS scoring system is used to rate the severity of computer system security vulnerabilities. The vulnerability was uncovered through the company’s efforts to improve the security of open-source software by testing projects with its JVM fuzzing engine, Jazzer, in Google’s OSS-Fuzz. Due to this vulnerability, applications that rely on vulnerable versions of Spring are at a high risk of server availability issues. The affected versions are 6.0.0 to 6.0.7, 5.3.0 to 5.3.26, and 5.2.0 to 5.2.23.RELEASE. According to Code Intelligence, fixes have been issued to address the

The four stages of mobile software testing maturity

If you’re like most organizations that develop mobile apps, you have some kind of systematic mobile software testing in place. You might even be using automation frameworks to execute your tests, and you might be testing across a large number of devices, browsers and operating system versions. But if you think that makes you a standout organization when it comes to mobile testing, think again. A fully developed mobile testing strategy includes more than just simple test automation and broad device coverage. To me, the best way to explain what goes into the most effective mobile testing routines is to think in terms of a mobile testing maturity model. This article discusses what I see as the four maturity stages of mobile testing, and how organizations can advance their maturity by leveraging techniques that go above and beyond the basics. The stages of mobile software testing: The approach that most businesses take today to mobile testing falls into one of the following four maturity

How Tech Leaders Can Avoid the Black Box Trap With Value Stream Management

Recently, we published a post for finance leaders on how to break open the black box that is software development. Now, I’d like to share some guidance for their technology counterparts on how to avoid being perceived as a black box in the first place. First, let’s review the issue at hand from the perspective of technology leaders. Software development has, over the past decade or more, become the fastest-growing and largest expense line item in virtually every industry. The professional management of software development is a relatively new field, continuously evolving as software development itself has continuously evolved. Many technology leaders began as developers and have grown into leadership roles as they’ve progressed in their careers. Part of the issue is that the way software developers have been taught to measure their own productivity does not align with the way the business measures the value of their work. Agile/DevOps metrics aim to optimize how efficiently a

How tech professionals can survive amidst the looming threat of layoffs

In the aftermath of the COVID-19 pandemic, it seems that no one is safe from the strain of inflation, economic downturn, and a loss of job security. The instability of the current economy has become a proverbial dark cloud hanging over businesses and employees alike. Most prominently, the technology industry has felt this tension as it finds itself on the other side of the massive influx of hiring that the pandemic encouraged. Now, with the sheer magnitude of tech layoffs making headlines, technology professionals are left to scramble and fight to find new opportunities in the field. Jake Cooper, CEO and co-founder of the tech-enabled mental health provider Grow Therapy, explained that these layoffs are an unforeseen consequence of the rapid growth that the tech sector experienced at the beginning of the pandemic. “The most obvious change that was precipitated was the transition of services from in-person to virtual, and we also saw the transformation of advertisements from subw

Parasoft to Hold the 4th Annual Automated Software Testing & Quality Summit on May 16, 2023

News Highlights: Attend the half-day virtual event on Tuesday, May 16, 2023, and learn how enterprises optimize their testing practices to achieve software quality goals with QA and development leaders. Hear from the opening keynote guest speaker, Diego Lo Giudice, Forrester VP and Principal Analyst, as he shares his expertise on how AI is revolutionizing software testing. Learn how to automate end-to-end testing to deliver quality software at scale in minutes.

Parasoft, a global leader in software testing solutions, today announced the fourth annual virtual Automated Software Testing and Quality (ASTQ) Summit. This half-day virtual event will showcase QA and development organizations from various industries. They’ll share experiences and best practices on how to address software application challenges to achieve business goals. Join the live virtual summit on Tuesday, May 16, 2023, at 11 a.m. EDT to gain insights from industry leaders in financial services and telecommunic

Amazon’s new generative AI capabilities work to increase access to AI

The team at Amazon today announced Amazon Bedrock, a service intended to help organizations build and scale generative AI applications. With this release, users gain access to foundation models (FMs) from AI startup model providers such as AI21, Anthropic, and Stability AI. Amazon Bedrock opens up several FMs from different providers so that AWS customers have the flexibility to choose which model would work best for their specific needs. This release helps users speed up the development of generative AI applications using FMs through an API, without the need to manage infrastructure. These FMs can also be privately customized using data from the user’s own organization. Amazon Bedrock also allows customers to use AWS tools and features that they are already familiar with in order to deploy scalable and secure generative AI applications. Additionally, AWS announced the general availability of Amazon EC2 Inf2 instances. This release is powered by AWS Inferentia2 chips, which i

ngrok Launches Kubernetes Ingress Controller

ngrok, the API-first ingress-as-a-service platform, today announced the ngrok Ingress Controller for Kubernetes. Now developers can create ingress to their production workloads running in Kubernetes clusters with the same ease and security they’ve come to love with ngrok. More than six million developers use ngrok, but supporting production Kubernetes workloads requires different infrastructure and tooling. The ngrok Ingress Controller for Kubernetes packages the power and simplicity of the ngrok platform into the standard cloud-native APIs that developers and operations teams already integrate with. “Other ingress controllers require operators to perform complex networking setup bespoke to each underlying environment,” said Alan Shreve, founder and CEO of ngrok. “ngrok, by contrast, delivers a plug-and-play experience to any Kubernetes cluster. It eliminates operational burden by leveraging ngrok’s global network to deliver ingress without requiring you to configure the underlying