Combatting the OpenSSH Vulnerability

Time and again, we encounter stark reminders that every piece of software, no matter how widespread its use or how thoroughly it is reviewed, has the potential to harbor security vulnerabilities. A recent case in point is a security flaw that was detected in OpenSSH, a tool commonly employed for secure connectivity. This occurrence underlines the necessity of maintaining vigilance regarding all software, including those with the primary function of enhancing security.

The detected vulnerability in OpenSSH, designated CVE-2023-38408, opens the possibility of a remote execution attack under certain conditions. A remote command execution vulnerability is a type of security flaw in a computer system, application, or network device that allows an attacker to execute arbitrary commands remotely on the target system. Once the flaw has been exploited, the attacker can use that remote execution to mount further attacks, since the compromised host often holds additional permissions within an organization's network.

The vulnerability, which was discovered through a code review, can be mitigated by updating OpenSSH to version 9.3p2.
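A quick way to inventory hosts against that fixed release is to parse the banner that `ssh -V` prints and compare it with 9.3p2. The script below is an added example, not code from the original article; the banner strings in its comments are constructed samples, and the function names are assumptions.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed release named in the article: OpenSSH 9.3p2.
FIXED_VERSION = (9, 3, 2)

# Matches the banner printed by `ssh -V`, e.g. (constructed samples):
#   "OpenSSH_9.3p1, OpenSSL 3.1.1 30 May 2023"
#   "OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022"
# The "pN" portable-release suffix is absent on some builds.
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable_patch) from an ssh -V banner, or None."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)


def is_at_or_above_fixed(banner: str, fixed=FIXED_VERSION) -> Optional[bool]:
    """True if the upstream version in the banner is >= the fixed release.

    Returns None when the banner cannot be parsed. False means the upstream
    version predates 9.3p2; distributions often backport fixes without
    bumping this number, so confirm against the vendor advisory before
    treating the host as vulnerable.
    """
    v = parse_openssh_version(banner)
    if v is None:
        return None
    return v >= fixed


def installed_openssh_banner() -> str:
    """Run `ssh -V` locally; OpenSSH writes the version banner to stderr."""
    try:
        proc = subprocess.run(["ssh", "-V"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""
    return (proc.stderr or proc.stdout).strip()


if __name__ == "__main__":
    banner = installed_openssh_banner()
    status = is_at_or_above_fixed(banner)
    print(banner or "(ssh not found)")
    print({True: "at or above 9.3p2", False: "predates 9.3p2 (check vendor backports)",
           None: "could not parse banner"}[status])
```

Run it on each host (or feed collected banners to `is_at_or_above_fixed`) to flag installs that still need the update.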

How Developers Can Work With Generative AI Securely

If you work in software development, or indeed within any sector of the technology industry, you will have undoubtedly been part of discussions about, read headlines on, or even trialed a platform for generative artificial intelligence (AI). Put simply, this new and quickly evolving technology is everywhere.

Yet along with the exciting promise of greater productivity with AI code generation tools — GitHub argues the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion — there is also increased risk. These risks include concerns around code quality, as AI models can produce complex code that is difficult both to understand and to explain.