Open-source security: It’s too easy to upload ‘devastating’ malicious packages, warns Google
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package...
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of...
One of the most amazing things about open-source isn’t that it produces great software. It’s that so many developers put their egos aside to...
It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called...
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey...
Meta, which is Facebook’s parent company, has announced the release of new technology that it aims to implement in its everyday workings. The technology,...
When you think of important open-source projects you almost certainly recall Linux, the Apache Web Server, LibreOffice, and so on. And, that’s true. These...
Chances are unless you’re a JavaScript programmer, you’ve never heard of the open-source JavaScript libraries ‘colors.js’ and ‘faker.js.’ They’re simple programs that respectively let...
The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are...
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck,...