-
Thoughts on Executive Order 14028: Attestation and Software Security
For the last few weeks, SAFECode has been discussing a number of government initiatives related to software security assurance. This is the first of several blogs that we will be publishing to share our perspective and recommendations for approaches that will help governments and other organizations gain confidence in the software that they acquire and…
-
Security Capabilities to Support Code Integrity
By Kelly FitzGerald, Raytheon Technologies; Altaz Valani, Security Compass; Elena Kravchenko, Imperva; Matthew Lyon, Dell Technologies; Ashwini Siddhi, Dell Technologies. Introduction: In our previous blog posts, we defined the code integrity problem statement and the basic principles of code integrity. As our series continues, we will define a framework of layered security capabilities to support…
-
Oracle Joins SAFECode; Raytheon Accepts Board Seat
Members Work Together to Improve and Promote Effective Software Security Practices. WAKEFIELD, MA. – July 28, 2022 – The Software Assurance Forum for Excellence in Code (SAFECode) recently welcomed Oracle as an associate member and elevated Raytheon Technologies to a seat on the SAFECode Board of Directors as a charter member. Along with Oracle, other recent new…
-
KRaft: Apache Kafka Without ZooKeeper
Apache Kafka has been a cornerstone of modern event streaming architectures, enabling reliable and scalable data pipelines for businesses worldwide. Traditionally, Kafka has relied on ZooKeeper for managing metadata, configurations, and cluster coordination. However, the introduction of KRaft (Kafka Raft) marks a significant shift in Kafka’s architecture, eliminating the need for ZooKeeper and simplifying cluster management. What…
-
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file-system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell and a local privilege escalation using ubus as well as a local privilege escalation using world-writeable webroot. The issues can be combined to allow privileged access from a remote connection.
-
Qodana 2024.3 Is Here Along With a Special Offer for New Users!
Happy New Year! In case you missed it, the Qodana team ended 2024 with a bang and released Qodana 2024.3. What’s in the latest release? New security functionality, a fresh set of Android linter rules, and more to help your team prioritize code excellence. Let’s take a look at what’s available in more detail. To…
-
Updated System Requirements for Linux GNU C Library (glibc)
Starting with v2025.1, IntelliJ-based IDEs will require glibc 2.28 or higher on Linux x64 systems. This change is being made to address potential security vulnerabilities associated with building and running our software on outdated systems and to ensure our products evolve with modern frameworks and technologies. By enforcing a more recent glibc version, we aim to…
-
The MPS 2024.3 Release Candidate Is Ready
The Release Candidate for MPS 2024.3 is now available for download! Grab it and be among the first to experience the new functionality. You can learn about the new features in more detail in this blog post. The full list of fixed issues can be found here. Your JetBrains MPS team…
-
JetBrains Academy – December Digest
In the new year, the JetBrains Academy team wants your IT skills to shine brighter than a Christmas tree! 🎄 This newsletter is packed with global trends in computer science education, must-read books, tips for university entrance exams, IT contests, and some holiday presents to help you level up your skills. 🎁 Enjoy the gift,…
-
The IntelliJ Scala Plugin in 2024
The Year in Review: Time flies. Only a year ago, we saw the release of Scala 3.4.0-RC1, and now we’re trying out Scala 3.6.2 with many new experimental features. The last 12 months have brought many new features to the IntelliJ Scala Plugin as well. A year ago we introduced X-Ray mode, which lets you…