Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
XDA Developers on MSN

Why I replaced my dedicated NVR for open-source software

I enjoyed using an old NVR, but it was time to retire it, and Frigate made too much sense. Here's why I switched.
Infosecurity Magazine

How Enterprises Can Manage Open-Source Security When the Shift Left Meets End of Life

Learn how DevSecOps shifts security left and right across the software lifecycle and why understanding end-of-life risks is ...
Nextgov

Report: Russia-based Yandex employee oversees open-source software approved for DOD use

A Russia-based Yandex employee is the sole maintainer of a widely used open-source tool embedded in at least 30 pre-built software packages in the Department of Defense, raising potential risks of ...
Bleeping Computer

CISA open-sources Thorium platform for malware, forensic analysis

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, ...
Defense One

Malicious states are working to weaponize open-source software: report

Chinese, Russian, and North Korean-affiliated hackers are covertly working to insert backdoor hijacks and exploits into major publicly available software used by countless organizations, developers, ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...