Feed aggregator

A California fourth-grader's interview with her grandfather, who was forced out of Uganda before moving to the U.S., is one of our outstanding podcasts.

(Image credit: Janet Woojeong Lee)

President Trump has made clear he wants to close the U.S. Department of Education, but Republicans seem torn on just how far to go.

(Image credit: Jon Cherry)

Looking for a fast and reliable internet connection in Redding? Spectrum is our top recommendation, but there are several other providers to consider.

• The M4 MacBook Air release date could be imminent
• Apple Stores are getting ready and cutting stock of the M3 MacBook Air
• The new laptop is expected to bring modest improvements

We’ve been hearing for months that Apple is going to launch a new MacBook Air with an M4 chip soon, and now it looks like the date is almost upon us. If you’ve been thinking about buying a MacBook Air, you’ll want to hold off for just a little longer.

That’s because Bloomberg reporter Mark Gurman has claimed in his Power On newsletter that Apple Stores are preparing for the new MacBook Air to arrive. His evidence for this? Inventory of the M3 MacBook Air is apparently being wound down at Apple Stores, meaning there will soon be fewer units of the current model available to buy.

This is usually a surefire sign that Apple is getting ready to launch a new device. After all, what’s the point in the company maintaining high stock levels of a product that will soon be superseded?

It’s not the only clue. Gurman says that Apple’s marketing, sales and retail teams are now being prepared for the M4 MacBook Air release, which is expected to land at some point in March. Gurman's track record is very good, so a launch within the next month does look increasingly likely.

Hang on a little longer

(Image credit: Apple)

All of this means that you probably shouldn’t buy a MacBook Air right now. If you do, you’ll end up with an M3 model that will quickly be surpassed by the M4 version.

As we’ve seen from the MacBook Pro and the iPad Pro, the M4 chip should be a decent upgrade over the M3, if not a groundbreaking one. In terms of performance, we’ll likely see some increased core counts, a more efficient Neural Engine, and improved memory bandwidth.

Other than the new chip, the M4 MacBook Air isn’t expected to include many other new features. The design will almost certainly stay the same, as will the speakers. And while Apple is working on an OLED MacBook Air, it’s still a few years away from release.

Still, the M4 MacBook Air is enough of an upgrade to make it worth waiting for. If you’ve been itching to pull the trigger on a new MacBook Air, you’d do well to hang on just a few more weeks.

You might also like

• Apple MacBook Air M4: news, rumors, and everything we know
• MacBook Air OLED reportedly delayed until at least 2028 – here’s why
• Apple M4 chip: everything you need to know about Apple's latest silicon

• JBL Flip 7 and Charge 6 US launch details leak in removed press release
• Pre-orders set for March 10, 2025 – on-sale April 6, 2025
• Flip 6 set to be $149, Charge 6 set to be $199

The JBL Flip 7 and Charge 6 Bluetooth speakers are ready to launch soon, according to a press release from the company on Business Wire, which has now been removed – but is still visible via Wayback Machine.

It reveals that the new speakers will cost $149 and $199 respectively, and will be available to pre-order in the US from March 10, 2025 – but won't actually be available until April 6. The price is a rise from the previous versions of both models, which launched at $129 and $179 respectively. In the UK, we'd expect them to cost £149 and £199 based on current exchange rates. In Australia, it works out to around AU$295 and AU$395.

That's unless you're in China, where the Flip 7 it's already available to order with an early bird price of around $158, according to Gizmochina.

In addition to the usual JBL strengths, it looks like the successors to the rather good JBL Flip 6 and JBL Charge 5 will be borrowing one of the best features of the JBL Xtreme 4: the AI Sound Boost mode. The Business Wire release confirms that both speakers will support this tech, and we'll explain why that's a great fit in a moment.

But the Gizmochina article says that there's another welcome piece of optimization tech in the Flip 7: a battery mode that squeezes another two hours out of the high-capacity lithium-ion battery by turning off the bass display and equalizer settings. That should mean an improved battery life of 14 hours.

We haven't seen a good range of pictures of the devices yet, but we expect the design to be largely to same as the previous models – here's the JBL Charge 5, for reference. (Image credit: Daniel Hessel) Why we're looking forward to hearing the JBL Flip 7

I'm the first person to mock fancy-sounding audio optimization tech, because I've listened to a lot of it and found it deeply disappointing. But the AI Sound Boost here could be good, based on when we've already heard it in action.

Here's Harry Padoan, who reviewed the JBL Xtreme 4, describing how the system worked for him: "The AI Sound Boost in the JBL Xtreme 4 has pretty controlled, powerful audio and at high volumes it didn't sound distorted at all – that seems to be the purpose of the technology. How much of that is really down to 'AI', I couldn't say, of course."

Whether it's AI, engineering or a mix of both doesn't really matter: if it helps the JBL Flip 7 and Charge to push out more powerful sound without distortion than they could manage before, that could be a big win for such small speakers.

The Gizmochina articles describes the Flip 7 as using a tweeter, racetrack mid driver and dual bass radiators for sound, which is basically what the Flip 6 offers.

It'll be IP68 water and dust-resistant, but a nice upgrade will be the option of USB-C audio input for "lossless" sound, though I don't know that I'd rely on a pint-sized portable speaker for that kind of fidelity…

Bluetooth 5.4 will provide the wireless tech, including support for Auracast, to provide the ability to use loads of the speakers together at once.

We don't have this kind of info for the Charge 6 yet, but I'd expect them to be basically identical except for a more powerful speaker setup in the Charge, and a larger battery that can charge other devices, naturally.

The JBL Flip 6 and JBL Charge 5 both rank among our list of the best Bluetooth speakers based on how good a value they offer, and I suspect that these two speakers will be the biggest competitors to the new models – with the Flip 6 regularly available for under $100 / £100, the Flip 7 is going to have to be a clear upgrade.

You might also like

• Acer warns of tariff-related price hikes for tech products
• The best Bluetooth speakers
• The best wireless speakers including Wi-Fi models

• Windows 11 has a new preview build with some smart additions
• One of those is a fresh piece of the interface to make file sharing easier
• The other is a couple of neat new layouts for one part of the Start menu

Windows 11 should be getting some useful changes to its interface, one of which makes sharing files easier, and the other introduces nifty new layout options for the Start menu.

These moves are in testing right now, to be precise in Windows 11’s build 22635.4950 which is in the Beta channel.

The new file sharing menu appears at the top of the screen whenever you’re dragging a file out of a folder on the desktop, and it features an array of icons, such as WhatsApp, My Phone, Microsoft Teams, and so on. Dropping a file on any icon will instantly share it via that medium.

As for the Start menu, that change is for the ‘All apps’ page which as the name suggests lists all your apps, with the new options here being the grid and category views.

The grid view sticks to an alphabetical ordering of your apps, as in the standard list view, except with the grid layout, you can fit more apps on with the layout extended out to the side, so there’s less scrolling to do (see the image below).

(Image credit: Microsoft)

Or a more different alternative is the category view where your apps are grouped into various categories and ordered by usage levels. So, for example, there are social apps, or productivity, or entertainment apps, a whole bunch of categories you can dive into, with your most-used apps highlighted in a box featuring their icons (again, see the pic below).

(Image credit: Microsoft)

This feature is still rolling out, so not every tester will see it yet (and it’s coming to the Dev builds, as well as the Beta channel).

That’s pretty much it for this preview build, although there’s one more addition on the accessibility front with File Explorer which is being graced with improved support for text size scaling with File Open or Save dialog boxes (and also with Wizard dialog boxes).

Oh, and Microsoft has applied a number of bug fixes too, while there are some acknowledged issues, which are all listed in the usual blog post outlining the content of build 22635.4950.

Analysis: Almost through testing now

Of course, all this is just in testing, and if trialling any given element doesn’t work out, that feature may be dropped. I’d imagine that’s unlikely, though, as both these fresh introductions are useful and welcome touches.

Easier file sharing has got to be good, and I can’t see anyone arguing with more choice in the Start menu layouts. After all, if you don’t want to have the ‘All apps’ panel look any different to the default list, you don’t need to go near the alternatives.

It’s also worth bearing in mind that having reached the Beta channel, these features are not far from release now. There’s only one more step – final testing in the Release Preview channel – before this functionality is ready to be deployed to the finished version of Windows 11.

Indeed, the move with the Start menu layouts was previously discovered by digging around in test builds in the past, so it’s good to see that coming to fruition (the above mentioned caveats taken into consideration).

You may also like...

• Windows 11 fully streamlined in just two clicks? Talon utility promises to rip all the bloatware out of Microsoft’s OS in a hassle-free way
• Are you unable to get security updates for Windows 11 24H2? Here’s the likely reason why, and the fix to get your PC safe and secure again
• If Microsoft's Windows 11 24H2 issues continue like this, I'll fully convert to SteamOS for gaming

• Spider-Man 4's release date has been pushed back one week
• The joint Sony-Marvel movie will now launch in theaters on July 31, 2026
• The studios don't want Tom Holland's next superhero film to be released so close to Christopher Nolan's next movie

Marvel and Sony have announced a new release date for Spider-Man 4 – but don't worry, you won't have too much longer to wait for its arrival.

Last Friday (February 21), the studios, which are working together on their fourth Spider-Man movie, announced that it'll arrive one week later than its original launch date of July 24, 2026. It'll now swing into theaters on July 31, 2026.

So, what's behind the release date switch-up? It's all Christopher Nolan's fault. The multi-award-winning British filmmaker's next movie – The Odyssey, an epic retelling of the eponymous poem penned by Ancient Greek poet Homer – is set to arrive on July 17, 2026. Matt Damon will be the movie's lead and, ironically, Holland is part of its all-star cast that'll also feature his Spider-Man co-star (and long-time girlfriend) Zendaya.

Clearly, Marvel and Sony don't want Spider-Man 4 to go toe-to-toe with Nolan's latest big-budget team-up with Universal Pictures. Sure, the webslinger could more than hold his own against The Odyssey, but it makes sense to delay Spidey's next big-screen adventure to generate more ticket sales and, by proxy, more profit for the pair. Spider-Man: No Way Home earned over $1 billion during its run in cinemas worldwide in late 2021, and the wallcrawler's next film should be as successful, if not more so, than its forebear. Getting out of The Odyssey's way, even if it's just by an extra week, should help the Marvel Phase 6 film to do that.

What do we know about Spider-Man 4 so far?

Zendaya's (left) role in Spider-Man 4 will be a small one, according to a new report (Image credit: Sony Pictures/Marvel Entertainment)

The best place to learn more about Holland's next Marvel Cinematic Universe (MCU) outing is by reading my dedicated Spider-Man 4 guide. It'll give you the lowdown on everything from its confirmed cast, story specifics, and why it's sandwiched between the next two Avengers flicks – those being Avengers: Doomsday and Avengers: Secret Wars, which are currently slated to land in theaters in May 2026 and May 2027. Spider-Man 4's launch delay is equally beneficial as it'll provide some much-needed breathing room between Doomsday's release and its own, too.

New cast and plot rumors have emerged over the past few days that I haven't covered in my Spider-Man 4 hub yet, though, which may be of interest to you. According to industry insider Daniel RPK, Jacob Batalon won't be returning as Ned Leeds for Spidey's next MCU adventure. Zendaya's MJ will only have a small role in proceedings, too, with director Daniel Destin Cretton seemingly set to introduce a new supporting cast for Holland's Peter Parker.

Until Marvel and/or Sony confirm anything, I'd advise you should take the above with a huge pinch of salt. There's been plenty of speculation about Spider-Man 4's cast and story in recent months but, its release date, Cretton's hiring, and Holland's return aside, nothing has been officially announced. Once something is, you'll be sure to hear it from me. In the meantime, find out how to watch the Spider-Man movies in order or see if you agree with my ranking of the best Spider-Man movies.

You might also like

• Here's how to watch the Marvel movies and TV shows in order
• Get the lowdown on Daredevil: Born Again ahead of its early March release
• Or learn more about Marvel's Thunderbolts film before its May 2 launch

• Empirical Health is an app that uses smartwatch data to provide personalized healthcare
• It's supported by most major insurers and available in more than 30 US states
• It just launched on Android with support for Wear OS watches

Empirical Health is an app that promises to transform personalized health care using data from your smartwatch, and now it's available on Android with support for the best Android smartwatches, providing they run Wear OS.

The 2.0 version of Empirical Health launched on Apple Watch last year and is now available on the Google Play Store. It supports Samsung Galaxy watches, Google Pixel Watches, Fitbits, and other Wear OS devices.

The app's premise is simple. "WearOS watches track tons of health data, but most of it goes unused by the healthcare system. We think that’s a missed opportunity," the company explains. "So, we built an entire medical practice that uses modern technology to streamline diagnostics, improve treatment, and keep the doctor-patient relationship at the center of care."

Medical care through Empirical Health is accessible in more than 30 US states and supported by most major insurance providers. According to the company, that's more than 200 million covered customers, so what exactly can the app do?

Transforming smartwatch data into healthcare

(Image credit: Empirical)

Empirical Health takes data from your smartwatch and uses AI to turn it into a personalized health plan. The plans can only be used once they've been reviewed by a real-life human doctor, who can also provide lab tests, referrals, or prescriptions.

Specifically, the company highlights benefits including at-home tests for sleep apnea. If your smartwatch detects metrics such as low deep sleep or irregular breathing, one of its doctors can order you an at-home sleep apnea test covered by insurance.

It also tracks your heart rate data, and can even provide the equivalent of a tilt table test for Long COVID and Postural orthostatic tachycardia syndrome (POTS). The app has a Today tab, which gives you at-a-glance information like heart rate, sleep, symptom, and workout data. There's also a Metrics tab with a deep dive into over 40 biomarkers taken from your smartwatch data and any blood test results you might have. In eligible locations, you can also use the Chat tab to speak to a doctor, and you can use the Goals tab to set up your own personalized health plan for nutrition, exercise, and more.

With Apple recently unveiling its own ambitious health study into the impact of tech on physical and mental well-being, Empirical Health's expansion is another sign that smartwatches are fast becoming an integral part of everyday health and well-being. Features like sleep apnea detection, heart rate monitoring, fall detection, and ECGs are making smartwatches indispensable for people who want to take control of their health.

You may also like

• Your smartwatch could help predict when you're about to get depressed, according to research
• OnePlus Watch 3 owners in the US are missing out on vital health and fitness features
• How AI-powered informatics and smart technologies could revolutionize healthcare

• New phishing technique discovered abusing PayPal
• The attack uses a feature recently added to the payments platform
• The goal is to get victims to install remote desktop access software

A sophisticated phishing scam has been spotted abusing PayPal and other services, with the goal of tricking people into granting cybercriminals access to their devices.

Researchers from BleepingComputer who, themselves, received one such phishing email, and decided to investigate further.

The victims would get an email directly from “service@paypal.com” claiming a new address had been added to their account, and that a purchase of a new MacBook M4 laptop was completed. The victims were then invited to call a phone number enclosed with the email, if they wish to cancel the order.

Abusing legitimate services

Obviously, all of this is fake. There is no new address, no MacBook, and the phone number - while active - does not belong to PayPal, but rather to the scammers. The goal is to scare people into rash decisions, calling the phone number to quickly cancel the order. The person on the other side would claim the computer was compromised, and that they needed to install an antivirus to clean it up.

This antivirus is actually a ConnectWise ScreenConnect client, which would grant the attackers total control over the computer. After that, they can steal the data, make actual wire transfers, and more.

One thing that actually isn’t fake is PayPal’s email address. As BleepingComputer discovered, PayPal recently introduced a new feature that allows users to add “gift addresses” to their own profiles. So, in reality, the attackers actually added a new address to their own account.

After adding a new address, PayPal can send a customized notification email. This customization allowed the attackers to add the “You purchased a new MacBook phishing message.”

The notification message was then automatically forwarded to another account which, the publication speculates, is a mailing list that forwarded it to the victims.

PayPal users getting this email can safely ignore it. If you’re still suspicious, navigate directly to paypal.com and check to see if there is a new address added (there isn’t).

Via BleepingComputer

You might also like

• These are the most common PayPal scams around right now - so stay alert
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

Rates as high as 4.65% APY won't stick around forever.

• OnePlus released its new Wear OS Watch 3 in February
• It's big and heavy, and there's no LTE option in most markets
• The company has confirmed it's looking to add a new size and LTE model this year

Just days after the OnePlus Watch 3 was released, OnePlus has confirmed that it's already working on new models that will address the three main shortcomings of its new battery-life beast.

As we noted in our OnePlus Watch 3 review, the new wearable boasts the best Wear OS battery life of any of the best Android smartwatches on the market. It comes with OnePlus' classic design language, new health features, and all the Google third-party apps you'd expect from a Wear OS smartwatch. However, it's also quite large and heavy, and there's no LTE option for cellular connectivity outside of China.

Now, the company has confirmed that all three of those issues are on its radar, and says it has plans to introduce a new size and a cellular version later this year.

OnePlus Watch 3's 2025 upgrade

(Image credit: Future)

In comments made to Wareable, OnePlus Health Lab's Head of R&D confirmed that we could see the new models as early as this year.

“It’s true that the watch remains heavy for a small wrist and that this typically affects women, but we will fix that this year," Dr Leo Zhang told the outlet. "We value our customer’s voice and we’re working on that."

"LTE is also something we get asked about by many users," he added, confirming there's no technical barrier to adding the feature. "In China’s domestic market, we have an LTE version," he said. "In an overseas market, we need to work with the carriers – and that’s a big hurdle. We need to work with carriers so users can put in an eSIM and have a data plan."

LTE connectivity allows a smartwatch to connect to a carrier network and use data just like a smartphone. It enables features like navigation, calls and texts, and media streaming even without a smartphone present, a handy feature for runners and other people who want to leave their phone at home exercise with a standalone smartwatch.

Zhang said that "as long as we work smoothly with the carriers," the feature should also be on the upgrade list for the OnePlus Watch 3.

You may also like

• OnePlus Watch 3 owners in the US are missing out on vital health and fitness features
• Exclusive: OnePlus Watch 3 revealed, with an Apple Watch-style rotating digital crown and Galaxy Watch-beating battery life
• I gave up my Garmin for an old-school digital Casio watch for a week: here's what happened to my running

Thousands of civilians have been killed since Russia launched its full-scale invasion on Feb. 24, 2022. Amid a stark shift in U.S. policy, Ukrainians want the war to end — but not on Russia's terms.

(Image credit: Anton Shtuka for NPR)

Packed with instruments and rovers, the soon-to-launch IM-2 mission will explore the lunar south pole and attempt something never done before—to enter a shadowed moon crater to look for ice.

Mike Macans is one of an unknown number of Small Business Administration employees who were fired, unfired and fired again as part of the Trump administration's deep cuts to the federal workforce.

(Image credit: Ash Adams for NPR)

The company behind the controversial Dakota Access Pipeline is suing Greenpeace for at least $300 million for damages the oil pipeline company says it suffered from protests in 2016 and 2017.

(Image credit: Emily Kask for NPR)

What would happen if you blocked the internet from your cellphone for two weeks? A bunch of millennial researchers wanted to answer that question. Here's what they found.

(Image credit: Rob Dobi)

Infostealers are rapidly becoming one of the most dangerous tools in a hacker’s arsenal, particularly in environments where email remains a primary communication channel for enterprises. At their core, infostealers are a type of trojan designed by malware authors to harvest sensitive data such as login credentials, financial information, system details, and personally identifiable information.

These malicious files are engineered to extract as much information as possible, operating quickly and stealthily. Once collected, the stolen data is sent to command-and-control servers, where it can be exploited for various malicious purposes.

Infostealers in the wild

Some research suggests infostealers hit up to 10,000 victims per day; however Forcepoint research teams have observed increased activity from various infostealers recently, targeting victims in a number of ways.

The first is VIPKeyLogger, which circulates through phishing campaigns as an attachment that takes the form of an archive or Microsoft Office files. This exfiltrates data using Instant Messaging telegrams services or dynamic DNS services. Opening the attachment leads to a sequence of events that ultimately ends up in a series of data exfiltration such as recording keystrokes, collecting information like clipboard data, screenshots, browser history, and more.

Strela Stealer is also circulated via phishing campaigns containing attachments which further contains obfuscated script, and on execution of script, it performs malicious activity and harvests sensitive information including usernames, passwords, and other email configuration details, sending it over Command & Control servers.

Lastly, Rhadamanthys stealer was circulated in the holiday season and masquerades as travel industry emails with malicious document attachments. Clicking the documents triggers a chain of downloads and obfuscated scripts to steal user credentials and cryptocurrency wallet data. This campaign resembles the earlier Agent Tesla attacks, but uses novel obfuscation techniques.

Needless to say, infostealers are prevalent and appear in a number of different formats, making them harder than ever to defend against, which begs the question – how can you protect against increasingly sophisticated infostealers?

Protection against infostealers

If it wasn’t already clear, the rise of infostealers emphasizes the need for a sophisticated and holistic approach towards defending your organisation. To work most effectively, that approach must combine essential security measures, such as multi-factor authentication, with a proactive mindset. Cybercriminals are continuously evolving their tactics, so organizations must too in order to stay ahead.

Businesses need to make common practice out of minimizing vulnerabilities by encrypting data at rest and in motion to ensure only authorized individuals have access to sensitive data. Data loss prevention (DLP) solutions for email can help enterprises get control over inbound and outbound threats by supporting virus and malware blocking, spam filtering, content filtering and email archiving. And, of course, by regularly updating and hosting security audits, organizations can better understand if their security measures are effective and where they are lacking.

However, arguably one of the most important parts of an organization's defense is its people. Employees must be aware of their role in organizational security. This includes the basics such as maintaining strong passwords and leveraging technologies like MFA, but should also include their ability to be constantly cyberaware. This means organisations have a role to play in ensuring employees know how to identify and act when faced with an attack, otherwise they have the potential to unknowingly bring the whole kingdom down from the inside. Human error can be the weakest link in the security chain, so it is important staff are educated.

Infostealers represent a growing and insidious threat in today’s digital era, preying on unprotected organizations and unknowing individuals. By combining strong technical defenses with a culture of security awareness, businesses can significantly reduce the risk of becoming a victim to these cyberattacks. When all is said and done, proactive prevention and informed employees are the ultimate line of defense.

We've compiled a list of the best business password managers.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

The way the terminations have been carried out will undermine the efficiency and productivity of workers left behind, expert says.

(Image credit: Kena Betancur/VIEWpress)

Software development teams are facing growing pressure to shorten their development lifecycles and push products and updates faster than ever. The sooner a finished application is launched, the greater the chance of meeting customer demand and stealing a march on the competition to claim market share. Likewise, getting fixes and new features live quickly makes it easier to keep customers happy.

But while time is money, more speed can also quickly introduce more vulnerabilities into the application. While a certain level of risk is acceptable, no developer can afford to have a major security breach undoing all their hard work.

To make matters worse, cybercriminal groups are increasingly preying on this need for speed, exploiting critical open source resources to infiltrate the software supply chain.

Developers need knowledge, resources and support to keep their code secure, with as minimal impact on development schedules as possible.

Dedicated training, in close collaboration with their application security counterparts is one of the key ways to empower developer to achieve this balance.

The growing risks in open-source development

One of the reasons for a greater focus on AppSec skills is the growing concern around unsecured third-party code.

Open source code has become an essential resource for development teams working to strict deadlines. Accessing ready-made building blocks for common application features saves a tremendous amount of time and resources, saving teams from reinventing the wheel for every new project and drastically reducing the SDLC.

GitHub’s most recent Octoverse report revealed that there were more than one billion contributions to open source projects in 2024 alone, and previously estimated that around 97% of all applications incorporate at least some open source code.

However, open source assets can also introduce unnecessary risk to an application. There’s always a chance that any third-party code may have vulnerabilities missed by its creator, and threat actors are escalating the risk further by purposefully injecting malicious code into the open source environment.

In October our researchers discovered that cybercriminals were targeting Python developers in the blockchain industry by uploading what appear to be useful tools for tasks like crypto wallet management and recovery. However, the packages harbored well-hidden malware obfuscated within the code.

The incident is just one of a growing number of cases where cybercriminals have exploited the inherent trust and reliance developers place on open source code repositories. While most reputable platforms make an effort to assess the safety of uploaded assets, the sheer volume of contributions and the potential for obfuscated code means the risk can never be ruled out.

Empowering developers with tailored training

Given that their most valuable resources are being exploited by cybercriminals, it’s more important than ever for developers to be security savvy. However, this has long been a challenge. One of the biggest barriers is that developers are creators and coders first and foremost and many developers will not have had the opportunity to gain real experience in AppSec.

So, the first step is to empower dev teams with structured training and proper resources if they are to take on AppSec effectively.

It’s vitally important that any training efforts are bespoke to their specific experience and needs. Generic programs often overwhelm developers with irrelevant information, making it difficult to apply lessons in practice. Tailored, role-specific training is far more effective, empowering developers to build secure code without disrupting their workflow.

One of the most effective ways of delivering this, is through Just-in-Time (JIT) training which provides actionable guidance precisely when developers encounter vulnerabilities, streamlining the remediation process. This approach aligns security with the fast pace of development, ensuring vulnerabilities are addressed efficiently. Organizations must focus on providing ways to be quick and efficient in security scanning alongside all of their development framework and methodology.

Gamified platforms can be particularly effective here, turning secure coding into an engaging skill-building exercise. These tools foster a sense of ownership, helping developers resolve vulnerabilities and understand their broader impact.

Training and development must provide real-time feedback with minimal impact on the development workflow.

Boosting collaboration with security mentorship

While tools and training are essential, mentorship programs can go even further in bridging gaps in knowledge and execution. This involves embedding security engineers within development teams to help provide guidance and hands-on training. This approach helps foster collaboration, establishing a shared responsibility for secure coding that addresses issues proactively and efficiently.

Mentorships not only ensure security becomes an integral part of the development process but can also remove the siloed “us and them” structure that is common between security and development.

Well-established mentorship programs build into the iterative process and that code is secure on release. This is especially useful for smaller organizations with more limited resources.

Getting started with security mentoring

For organizations that don’t already have a security mentor in place for their development team, a establishing a mentorship program can be fairly straight forward. The first step is to solicit volunteers who want to get involved. Mentors should have a genuine interest in building secure coding practices, rather than feeling like they’ve been forced into taking on more work.

Volunteers also benefit from gaining new skills and diversifying their role as a dev. Resources like Codebashing can provide a structured approach to AppSec skill development, along with other informational assets like webinars and events.

Thriving in a threat-filled landscape

With increasing internal pressure for faster and more efficient development cycles, development teams can often feel caught between a rock and a hard place.

To empower them to thrive in today’s fast-paced environment, organizations must support developers in integrating security into every stage of development. Tailored training and collaborative mentorship equip developers to address vulnerabilities efficiently without slowing down innovation.

We feature a list of the best mobile app development software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Here are some hints -- and the answers -- for Connections: Sports Edition No. 154 for Feb. 24.