VentureBeat

GitLab’s open source Package Hunter detects malicious code in dependencies

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Let the OSS Enterprise newsletter guide your open source journey! Sign up ...

Nord VPN ups its game in open-source, with Linux-based package for OpenWrt routers

The headless package is available on GitHub, promoting transparency across the open-source community. Here's all you need to ...
SiliconANGLE

New repository aims to illuminate open-source package vulnerabilities and malicious code

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be ...
SiliconANGLE

JFrog’s new Curation solution automates security for open-source packages

Software supply chain company JFrog Ltd. today launched JFrog Curation, an automated DevSecOps solution that checks and blocks infected open-source or third-party software packages and their ...
Business Wire

Tidelift Introduces Advanced Open Source Intelligence Capabilities To Improve Software Supply Chain Security in Partnership with Maintainers

BOSTON--(BUSINESS WIRE)--Tidelift, a provider of solutions for improving the security and resilience of the open source software supply chain powering modern applications, today announced a broad new ...
ZDNet

Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google

Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package Analysis Project is one of the software supply ...
SD Times

OpenSSF launches Malicious Packages repository to track reports of compromised open source packages

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Bleeping Computer

Open source 'Package Analysis' tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how visibility and shift-left security reduce exposure.
Nextgov

Sen. Cotton urges top White House cyber official to protect open-source software

A letter from the chairman of the Senate Intelligence Committee cites previous Nextgov/FCW reporting about a potential ...
InfoWorld

Harvard census identifies most commonly used open source packages

Researchers at the Laboratory for Innovation Science at Harvard University (LISH) have published the most comprehensive census of free and open source (FOSS) software packages to date, with the aim of ...
Computerworld

The five top objections to open-source

There are significant objections to overcome before open-source software can be broadly adopted across enterprises. These issues aren’t insurmountable, but they need to be adequately addressed before ...