News

GitHub founded the Open Source Security Coalition in 2019 to bring together industry leaders around this mission and ensure the consumption of open source software is something that all ...
Open-source security would be significantly enhanced by a culture of developers “writing stuff down,” according to Stephen Augustus, Head of Open Source at Cisco. This includes information on ...
“It’s handled very differently between open-source projects,” said Vincent Berg, researcher at security firm IOActive. “There are projects that have a very active approach to it.
GitHub launched a deep-dive into the state of open source security, comparing information gathered from the organization's dependency security features and the six package ecosystems supported on ...
One year after the Log4j disaster, open source community efforts and new developer toolchains are addressing the challenges of software supply chain security. Early December marked the one-year ...
Open source’s “many eyes” assurance served mostly to gloss over a weakness in the open source ecosystem, implying an atmosphere of constant vigilance where none existed, says Bill Weinberg ...
Branded Content by Cosmic Press. Due to the popularity of open source components, and the increase in data breaches caused by open source vulnerabilities, open-source security has become crucial to ...
Open-source security initiatives: The role of stakeholder collaboration and tools. One of OpenSSF’s strategies for fortifying open-source security is a key initiative in the upcoming Open Source ...
More than 1 in 4 organizations spend between $100,000 and $500,000 in audit penalties annually, according to a joint study by ...
The remaining 10 open source application, tool and database packages — Derby, Geronimo, Hibernate, Hipergate, JBoss, Jonas, OFBiz, OpenCMS, Resin and Struts — had a dismal showing.
The curl open-source project is grappling with an overwhelming deluge of low-quality “AI slop” security reports.
Open source involves organizations using open and freely available code, and it has become increasingly popular today, with recent data from the Synopsys Open Source Security and Risk Analysis Report ...