
Posts

Report: Java is the language that’s most prone to third-party vulnerabilities

According to Datadog’s State of DevSecOps 2024 report, 90% of Java services have one or more critical or higher severity vulnerabilities. This is compared to around 75% for JavaScript services, 64% for Python, and 50% for .NET. The average for all languages studied was 47%. The company found that Java services are also more likely to be actively exploited compared to other languages. Fifty-five percent have suffered from this, compared to a 7% average for other languages. Datadog believes this may be due to the fact that there are many prevalent vulnerabilities in popular Java libraries, such as Tomcat, Spring Framework, Apache Struts, Log4j, and ActiveMQ. “The hypothesis is reinforced when we examine where these vulnerabilities typically originate. In Java, 63 percent of high and critical vulnerabilities derive from indirect dependencies—i.e., third-party libraries that have been indirectly packaged with the application. These vulnerabilities are typically more chall

OpenAI’s Assistants API update adds new file search tool and ability to set maximum token limits

OpenAI has just announced a few new updates to its Assistants API, which is an API that makes it possible for developers to build AI assistants into their applications. The API now includes a file search tool that allows up to 10,000 files per assistant, and can enable developers to integrate knowledge retrieval into their assistants. It works with OpenAI’s vector store objects to automate file parsing, chunking, and embedding. The company also introduced new controls for setting the maximum input and output tokens so that developers can more directly limit costs. They can also now select how many recent messages will be used for context truncation. It also introduced a new Tool Choice option that forces the model to call a specified tool during a run, such as file search, code interpreter, or another function. Other updates in this release include more model configuration settings, new streaming and polling helpers, support for fine-tuned models, and more. More informat

OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs

A number of security-focused groups have announced they are teaming up on a new open-source project to help secure software supply chains: Protobom. The project was created jointly by the Open Source Security Foundation (OpenSSF), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security Science and Technology Directorate (DHS S&T). Protobom allows companies to read software bill of materials (SBOM) data, create their own SBOMs, and translate SBOMs into different standard formats. According to OpenSSF, there are many SBOM formats and schemas out there, which can be challenging for companies. The goal of the new project is to provide a “format-neutral data layer on top of the standards that lets applications work seamlessly with any kind of SBOM.” OpenSSF also explained that by integrating Protobom into applications that link SBOM and vulnerability information, organizations will be able to more quickly access the necessary patches and

Report: As DevOps adoption nears 100%, these factors determine maturity

Most developers at this point in time have adopted DevOps in some form or another, whether they are a full-blown DevOps engineer or a developer utilizing parts of the DevOps practice.  According to a new report from the Continuous Delivery Foundation (CDF), 83% of developers were “involved in DevOps-related activities” in the first quarter of 2024. The report was based on data over the past three and a half years from SlashData. Because of the wide time period being examined, the organization was able to compare this to a 77% involvement in DevOps in early 2022, a 6% increase. Even though the total number of developers involved in DevOps in some way has risen, there has at the same time been a small decrease in the number of developers who involve themselves in all DevOps-related activities. In other words, developers are specializing on a specific DevOps task rather than trying to do it all. CDF sees this as an indicator of DevOps maturity. The most common DevOps task developers

Looking back on 15 years of Oracle Java and what it means for the ecosystem

When Oracle bought Sun Microsystems in April 2009 for $7.4 billion, Oracle’s Larry Ellison said Java was “the single most important software asset we have ever acquired.” Two months later, appearing on stage with Ellison at the JavaOne conference, Sun chairman Scott McNealy tackled the crowd’s biggest question head-on. “There’s a big, pink elephant in the room,” he told the audience of software developers. “Is this Oracle thing a good thing for Java?” While companies don’t often make announcements about the underlying platform they use to power their software investments, Java underpins everything from microservices and backend logic to big data processing — and Java’s lasting compatibility, productivity, and massive ecosystem and tooling support has made it truly ubiquitous. As we mark 15 years of Oracle Java, it’s worth revisiting McNealy’s question: What has Oracle’s stewardship of Java meant for its enterprise users and the developer ecosystem? The Pros The first few year

Overture Maps Foundation releases beta for its global map dataset

The Overture Maps Foundation — a joint effort from Amazon, Meta, Microsoft, and TomTom to provide open map data — has announced a beta of its global map dataset. The dataset includes five base layers of data: data on almost 54 million places of interest around the world; 2.3 billion building footprints; information on transportation infrastructure, such as roads, footpaths, and more; nation and regional administrative boundaries, including names that have been translated into 40 languages; and a base layer including land and water data. The foundation has created this dataset based on several different open map data sources, such as OpenStreetMap, satellite/aerial imagery, government data, and open commercial data sources. Interested developers can begin using the map data and schema and provide feedback on it during this period to help prepare the dataset for general availability,

Navigating Git integration for mainframe development

Until recently, the terms “mainframe” and “Git” appeared to be a mismatch. However, increased adoption of DevOps practices on the mainframe, the desire to integrate the platform in enterprise-wide continuous innovation/continuous deployment (CI/CD) pipelines, and its familiarity among next-generation developers have made Git a popular solution for mainframe source code management (SCM). Git’s feature branches, distributed development, and pull requests facilitate an agile workflow, encouraging developers to share smaller changes more frequently. As a result, changes move through the deployment pipeline faster than the monolithic releases common with centralized version control systems. Additionally, its robust collaboration features allow multiple contributors to seamlessly code, review, and merge changes into one source. Using Git as a mainframe SCM encourages common development practices across platforms and breaks down silos, enabling the integration of the mainframe into CI/CD pi

JetBrains hopes to improve developer productivity with launch of IDE Services

JetBrains is attempting to make it easier for developers to manage different development tools with the release of JetBrains IDE Services. “Due to complex environments and distributed engineering teams, enterprise customers struggle to efficiently and securely deploy and manage IDEs, AI tools, and remote environments all at once. These struggles naturally slow businesses down and result in missed opportunities,” said Brian Noll, VP of sales and global partnership at JetBrains Americas. The new solution provides a central hub for managing five different JetBrains products: IDE Provisioner, AI Enterprise, License Vault, Code With Me Enterprise, and CodeCanvas. IDE Provisioner provides updates to IDEs as needed to ensure out-of-date versions aren’t in use, AI Enterprise provides AI-powered productivity features, License Vault automates distribution of JetBrains IDE licenses, Code With Me Enterprise provides pair programming, and CodeCanvas handles development environment configurati

ChatGPT Plus users now get access to GPT-4 Turbo model

OpenAI has announced that paid ChatGPT users now have access to GPT-4 Turbo, which is the company’s most advanced model. The new model improves writing, math, logical reasoning, and coding capabilities. According to OpenAI, the use of GPT-4 Turbo will result in more direct and concise results from ChatGPT that use more conversational language compared to previous iterations. For example, a prompt asking for a text message you can send to your friends reminding them to RSVP to your birthday dinner would now result in a 23 word response instead of a 51 word response. In addition to now being available for ChatGPT Plus users, GPT-4 Turbo has already been available to OpenAI’s Team and Enterprise customers and through the API. OpenAI has made its benchmarks for GPT-4 Turbo in ChatGPT available here.

SD Times Open-Source Project of the Week: Apache Airflow

Apache Airflow is an open-source project for scheduling and managing workflows, written in Python.  Kaxil Naik, director of Airflow engineering at Astronomer and one of the core committers of Airflow, told SD Times: “It is used to automate your daily jobs or daily tasks, and tasks can be as simple as running a Python script or it can be as complicated as bringing in all the data from 500 different data warehouses and manipulating it.” It was created at Airbnb in 2014 and is about to celebrate its 10 year anniversary later this year. It joined the Apache Software Foundation in March 2016 at the Incubation level and was made a top-level project in 2019.  Airflow was initially designed for just ETL use cases, but has over the years evolved to add features that make it useful for all aspects related to data engineering.  “It has continued to be the leader in this space, because we have maintained a good balance between innovation and stability. Because of this almost 10 years of Air

Postman Acquires Orbit to Boost API Collaboration Among Developer Communities on the Postman API Network

Postman, the world’s leading API collaboration company, today announced its acquisition of Orbit, the community growth platform for developer companies. Over the past four years, Orbit has helped the leading developer companies grow their communities, and will now integrate its technology and deploy its expertise in support of Postman’s vision of empowering 100 million developers through API collaboration. “Tens of thousands of API builders including companies like Discord already distribute their APIs to millions of developers on the Postman API Network. But today, those builders can’t engage directly with their community on the network,” said Abhinav Asthana, co-founder and CEO of Postman. “We can show them how many developers call their APIs along with success rates, which is only part of the experience. With Orbit, we’ll open up the conversation between API builders and developers, allowing developers to tell API builders what they need, and enabling API builders to reach new a

Avi Wigderson receives 2023 ACM A.M. Turing Award

ACM has announced that it is awarding the 2023 ACM A.M. Turing Award to Avi Wigderson for his contributions in the area of theoretical computer science, and notably, for changing our understanding of how randomness works in computation.  “Wigderson is a towering intellectual force in theoretical computer science, an exciting discipline that attracts some of the most promising young researchers to work on the most difficult challenges,” said Yannis Ioannidis, president of ACM. “This year’s Turing Award recognizes Wigderson’s specific work on randomness, as well as the indirect but substantial impact he has had on the entire field of theoretical computer science.” At their core, computers are deterministic systems, meaning their algorithms follow a predictable pattern where output is determined by the input. But the world we live in is full of random events, so computer scientists have enabled algorithms to make random choices too, which makes them more efficient. There are also many u

Implement secrets management to reduce your security risk

Supply chain security has been a big topic of conversation over the past several years, and while many of the conversations have revolved around insecure third-party components in codebases, there’s another part of the supply chain that could have a negative impact if not secured properly: secrets. Max Power, product lead for Bitwarden Secrets Manager, said that from a development perspective, secrets include things like API keys, certificates, and SSH keys. “Any chain is only as secure as the weakest link,” said Power. “The same applies to organizations. We have seen in the past multiple examples of massive data breaches as a result of accidentally leaked secrets, particularly secrets that were either hard-coded or pushed in Git repos.” According to GitGuardian’s 2024 State of Secrets Sprawl Report, 12.7 million secrets were detected in public GitHub commits in 2023, which was a 28% increase from the previous year. Over the past four years, the problem of secrets sprawl has g

Broadcom’s Value Stream Management Virtual Summit: Learn how VSM delivers visibility, alignment and efficiency

Learn how value stream management (VSM) can provide visibility into your processes, help you align them to meet your goals, and gain efficiencies at Broadcom’s VSM Virtual Summit on April 24. A GigaOm research report from 2023 highlighted how VSM plays a critical role in ensuring that going fast and delivering more also delivers a product that actually provides value. The report spotlights the techniques of value stream that enable value to be seen, mapped to the goals of the business, then optimized by eliminating waste and removing roadblocks to deliver. “There are more companies that are in the phase of using it with multiple product lines. And there’s more companies that are starting to use it and doing a POC with it,” explained Laureen Knudsen, Broadcom’s Chief Transformation Officer – AOD. “So we’re seeing that growth curve really starting to take off and happen in this past year than we have previously. It’s been snowballing and I think the results are what people are st

Denodo Partners with Google Cloud on the Future of Enterprise Innovation with New Data Virtualization and Generative AI Integration

Denodo, a leader in data management, announced a new integration of the Denodo Platform with Google Cloud’s Vertex AI as part of its partnership. Powered by data virtualization, Denodo will work with Google Cloud to empower joint customers to drive innovative solutions by combining advanced logical data management capabilities with cutting-edge generative AI services while providing access to state-of-the-art large language models (LLM). To learn more see the demo, attend customer Dan Young, Chief Data Architect at Indiana University’s session titled Switching Cloud Providers: Changing Courses and Making the Grade on April 10th at 12:50 pm or meet Denodo at the event in booth number 1362. “Google Cloud and Denodo’s innovative technologies enable us to provide better and faster insights while freeing up valuable time and resources for our team,” said Dan Young, Chief Data Architect, at Indiana University. “We recognized early on the transformative potential that can be realized by com