From Repo Swatting to PyPI Attestations: Supply Chain Security, eBPF Research, and Tools to Mitigate Emerging Threats
Dependency upgrades are the simplest, most effective way to mitigate risks—so why aren’t they the priority?
CISA's Top Exploited CVEs, Snyk's Probely Acquisition, Dependabot's Copilot Autofix, OSS Maintainers on Vulnerability Management, and Perforce’s Puppet Source Shift
Fuzzing, Security Audits, and New Tools: A Look at Recent Developments in the Open Source Software Security Landscape.
A look at the real-world impact of automated dependency upgrades via tools like Dependabot and Renovate on modern open-source projects
Linus Torvalds and why Linux kernel removed Russian maintainers, Intern corrupts AI model, NASA awards $15.6M to open source projects
AI can now control your entire computer, WordPress War, CISA product security bad practices, and open source vulnerability discoveries!
A 15-year-old collected $50K+ in bounties, command-jacking via entry points, Sonatype's 10th Annual State of the Software Supply Chain Report, and more!
The State of Open Source in Financial Services, the future of Python packaging, NVIDIA NIM Agent Blueprints, fuzzing, and more!
How Quickly Hackers Exploit Exposed Secrets, Google's Strategies for Memory Safety, Python 3.8 EOL, and SLSA Provenance in PyPI
Feds Prioritize Open-Source Software Security Initiatives
2024 Open Source Maintainer Report, Java fuzz harness synthesis using LLMs, Hijacking deleted packages, AI Crisis, and more!