Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
GitHub rolled out several new features designed to help developers write secure code at its recent GitHub Satellite conference last week in Berlin.
The original vulnerability may be in a jQuery plugin, but the disconnect in how web developers use .htaccess with the Apache web server and how the server is actually configured means there are potentially more applications out there that are vulnerable to attack.