There's a false sense of security around open source code, according to Trustwave researchers Brandon Myers and Assi Barak. Their deeper point was that open source code is prone to vulnerabilities ...
Open source security incidents aren't going away. The reliance on open source software (OSS) increases year-over-year, with more than 95% of all software including open source in some capacity. From ...
Earlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in virtually all Linux operating systems. The ...
Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
GitHub, Google, IBM, Red Hat, Microsoft, and VMware are just a few founding members of the Linux Foundation’s latest initiative that aims to smash open source software security bugs. OpenSSF’s ...
Supply chain security startup Socket Inc. announced today that it has raised $40 million in new funding to fuel its mission to modernize security for open-source software and expand its team across ...
BastionZero's OpenPubkey, which is a new cryptographic protocol that's designed to fortify the open-source software ecosystem, is now a Linux Foundation open-source project. Docker is also integrating ...
Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
In 2023, we’ve seen a lot of emphasis placed on strategies, regulations and technologies aimed at improving software security. Don't expect this interest to wane in 2024 as these discussions are ...
In February, The Linux Foundation’s Open Source Security Foundation (OpenSSF) initiated the Open Source Project Security Baseline (OSPS Baseline) to establish minimum security requirements for ...
Since Russian troops invaded Ukraine more than three years ago, Russian technology companies and executives have been widely sanctioned for supporting the Kremlin. That includes Vladimir Kiriyenko, ...
There’s no question that open-source software is central to the ...