FBI patches Exchange server backdoors IcedID looks to fill the Emotet malware void Draft plan to improve US power grid security Thanks to our episode sponsor, Sonatype Ask any software developer, and they’ll tell you the truth about two things: 1. Conventional code analysis and appsec tools are noisy and not well integrated into the dev workflow. 2: Tools that don’t actually make life easier for them just add friction and are ignored. Rather than slowing devs down with process-heavy security gates or circuitous quality alerts, Sonatype believes developers are better served by gentle, timely, and effective nudges that actually help them improve the quality, and security of the applications they are building.