I have a new job! OSS usage trends, us-east-1.com DNS insights, CVEs for EOL versions, Palantir's security practices, OSS health checks, OSV-Scanner v2.0.0-beta1
Executive Order 14144, Homebrew warnings, Google's Patch Rewards, StackOverflow's decline, GitHub antics, and insights on the Cyber Resilience Act
Exploring OSS Vulnerabilities, Google's OSV Growth, GitHub Actions Security, Snyk's Controversy, CNCF Fuzzing Insights, and More
Explore the public availability of affected functions for OSS vulnerabilities and why vendors are spending millions to build private datasets.
Veracode Acquires Phylum, AWS RCE Vulnerabilities, Elastic CVE Reduction, 2024 CVE Review, PyPI Quarantine, Bundler Checksums, Python Malware Detection
Happy New Year! GitHub Cache-Native Malware, Hijacking Chrome Extensions, 2024 Blog Recap, Microsoft using third-party domains
GitHub tackles workflow vulnerabilities, finding undisclosed vulnerabilities using LLMs, container image signing, chasing quality OSS license data, OSS funding report
'What sucks in security', tool sprawl woes, Vanir's patch validation, Ultralytics compromised, and supply chain security annual reports!
@solana/web3.js Breach, Census III Insights, Encrypted Apps Warning, Dependency Confusion Challenges, Redis Crate Controversy, WordPress Auth Flaw
CWE Top 25, OSS Dataset for Malware, Arch Linux RFC for upstream package handling, GitHub Wiki Malware Tactics, AI Fuzzing, Malicious linPEAS Fork
From Repo Swatting to PyPI Attestations: Supply Chain Security, eBPF Research, and Tools to Mitigate Emerging Threats
Dependency upgrades are the simplest, most effective way to mitigate risks—so why aren’t they the priority?