tech-critter.com

Aikido vs SonarQube: Code Quality vs Full-Stack Application Security

Writing clean, bug-free code is a point of pride for any developer. For decades, tools that measure code quality have been a staple of the software development lifecycle, helping teams eliminate bugs, ...
IEEE

Machine Learning based Static Code Analysis for Software Quality Assurance

Abstract: Machine Learning is often associated with predictive analytics, for example with the prediction of buying and termination behavior, with maintenance times or the lifespan of parts, tools or ...
Microsoft

BlueCodeAgent: A blue teaming agent enabled by automated red teaming for CodeGen AI

Large language models (LLMs) are now widely used for automated code generation across software engineering tasks. However, this powerful capability in code generation also introduces security concerns ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
Microsoft

Strengthen Your Power Pages Security with CodeQL code scan

As web applications have become central to business operations, securing every line of custom code is more critical than ever. With the introduction of CodeQL scan in Power Pages toolset, we are ...
GitHub

Static code analysis of OPAL

I started using it after I lost access to Coverity, which I had access to at CERN and which I found quite useful. Cppcheck is also quite good, but not so extensive and has no GUI. Just as an example, ...
sei.cmu

Automated Code Repair for C/C++ Static Analysis

This engineering experience paper details the application of design, development, and performance testing to an automated program repair tool we built that repairs C/C++ code. Static analysis (SA) ...
CSOonline

AI coding assistants amplify deeper cybersecurity risks

Although capable of reducing trivial mistakes, AI coding copilots leave enterprises at risk of increased insecure coding patterns, exposed secrets, and cloud misconfigurations, research reveals. The ...
Dark Reading

Do Claude Code Security Reviews Pass the Vibe Check?

If there's anything that gives a seasoned application security (AppSec) professional indigestion these days, it's the thought of AI-assisted coding layered on top of an already insecure development ...
Frontiers

Dynamic and static integrated classification model of gas well based on XGBoost algorithm—an example from block S of Sulige tight sandstone gas field

Classification of gas wells is an important part of optimizing development strategies and increasing the recovery. The original classification standard of gas wells in the Sulige gas field has weak ...
InfoWorld

Microsoft C++ static analysis tool bolsters warning suppressions

Finally, Microsoft C++ Code Analysis now offers enhanced Static Analysis Results Interchange Format (SARIF) output to include detailed information about warning suppressions, most notably the ...