Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

How GitHub Is Securing the Software Supply Chain

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
Infosecurity Magazine

How Enterprises Can Manage Open-Source Security When the Shift Left Meets End of Life

Learn how DevSecOps shifts security left and right across the software lifecycle and why understanding end-of-life risks is ...
Developer Tech

XZ attack reveals unlearned open-source security lessons

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
Nextgov

Report: Russia-based Yandex employee oversees open-source software approved for DOD use

A Russia-based Yandex employee is the sole maintainer of a widely used open-source tool embedded in at least 30 pre-built software packages in the Department of Defense, raising potential risks of ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
Security Boulevard

Get the best from AI in software development without risking the worst

Discover how to harness AI in software development while minimizing risks. Learn strategies for secure coding practices, managing AI-generated code risks, and implementing effective security measures.