GitHub tackles workflow vulnerabilities, finding undisclosed vulnerabilities using LLMs, container image signing, chasing quality OSS license data, OSS funding report
'What sucks in security,' Tool sprawl woes, Vanir’s patch validation, Ultralytics compromised, and supply chain security annual reports!
@solana/web3.js Breach, Census III Insights, Encrypted Apps Warning, Dependency Confusion Challenges, Redis Crate Controversy, WordPress Auth Flaw
CWE Top 25, OSS Dataset for Malware, Arch Linux RFC for upstream package handling, GitHub Wiki Malware Tactics, AI Fuzzing, Malicious linPEAS Fork
From Repo Swatting to PyPI Attestations: Supply Chain Security, eBPF Research, and Tools to Mitigate Emerging Threats
Dependency upgrades are the simplest, most effective way to mitigate risks—so why aren’t they the priority?
CISA's Top Exploited CVEs, Snyk's Probely Acquisition, Dependabot's Copilot Autofix, OSS Maintainers on Vulnerability Management, and Perforce’s Puppet Source Shift
Fuzzing, Security Audits, and New Tools: A Look at Recent Developments in the Open Source Software Security Landscape.
A look at the real-world impact of automated dependency upgrades via tools like Dependabot and Renovate on modern open-source projects
Linus Torvalds and why Linux kernel removed Russian maintainers, Intern corrupts AI model, NASA awards $15.6M to open source projects
AI can now control your entire computer, WordPress War, CISA product security bad practices, and open source vulnerability discoveries!
A 15-year-old collected $50K+ in bounties, command-jacking via entry points, Sonatype's 10th Annual State of the Software Supply Chain Report, and more!