The open-source development ... according to a new report from software supply chain management firm Sonatype. The company has tracked over 500,000 new malicious packages since November 2023 ...

DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use. JFrog has ...

By relying on Google’s extensive library of Assured OSS packages, organizations will benefit from a more secure open-source software supply chain, Google said. They’ll be able to understand ...

According to data from software supply chain management company Sonatype, the number of malicious packages detected across the various open-source ecosystems tripled year over year. “Looking at ...

Xeol’s platform tracks end-of-life data for more than 100,000 open source software packages. The company uses this data to identify potential cybersecurity risks within companies’ software ...

A series of high-profile compromises targeting popular open source packages have been uncovered, exposing the growing risk of malicious code infiltration in widely used software tools. Threat actors ...

open-source software remained a key element of supply chain risk in 2024. For example, incidents of exposed development secrets via publicly accessible, open-source packages rose 12% compared to 2023.

A trio of former GitHub executives and engineers have founded a new startup that brings the benefits of one of the most popular open source package managers to the enterprise. Designed primarily ...

real-time threat intelligence data about software packages in open source repositories.” Community Contribution Today’s launch of Spectra Assure Community underscores RL’s enduring ...

an open-source programmable environment that enables researchers and engineers to solve shape optimization problems for soft materials. The software recently described in Nature Computational ...