Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025. Open-source software is common ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...

Earlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in virtually all Linux operating systems. The ...

Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years ...

There's a false sense of security around open source code, according to Trustwave researchers Brandon Myers and Assi Barak. Their deeper point was that open source code is prone to vulnerabilities ...

Open source security incidents aren't going away. The reliance on open source software (OSS) increases year-over-year, with more than 95% of all software, including open source, in some capacity. From ...

Supply chain security startup Socket Inc. announced today that it has raised $40 million in new funding to fuel its mission to modernize security for open-source software and expand its team across ...

Can open source software be regulated? Should it be regulated? And if so, will it lead to enhanced security? In mid-September, two government's approaches to securing open source software were on ...

The ease with which developers can integrate third-party open source code has created a security and sustainability crisis, according to a senior executive at edge cloud platform Fastly. Speaking to ...

A reflection of the Department of Homeland Security logo in the eyeglasses of a cybersecurity analyst (Mark J. Terrill/AP/File) There’s no question that open-source software is central to the ...