News

Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects - here's what devs need to know
A recent investigation by Sysdig’s Threat Research Team (TRT) has exposed how misconfigurations, particularly involving the ...
LinuxInsider7d
Is a Security Baseline Enough for Open-Source Software?
The OpenSSF’s new baseline sets minimum security expectations for open-source projects — but not all developers agree it’s ...
SecurityWeek2d
Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise Google projects.
CSO Online2d
GitHub Actions attack renders even security-aware orgs vulnerable
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by ...
InfoWorld11d
New AI tool targets critical hole in thousands of open source apps
The tool, created by university researchers, is designed to find and automatically create a patch for vulnerabilities in large repositories like GitHub, but it isn’t perfect yet.
Security Boulevard3d
How Azul and Moderne Are Boosting Java Developer Productivity
Moderne and Azul are helping development teams identify, remove, and refactor unused and dead code to improve Java developer productivity. The post How Azul and Moderne Are Boosting Java Developer ...
ExecutiveGov1d
DARPA Launches Capstone Program to Boost Software Security
Learn about DARPA's Resilient Software Systems Capstone program and how it works to strengthen weapon systems software ...
Accounting Today15d
IRS releases source code for Direct File
The IRS has released the vast majority of the code used to develop its Direct File program, theoretically allowing anyone to ...
ZeroRISC raises $10M to expand open-source silicon security platform
Silicon supply chain integrity solutions startup ZeroRISC Inc. announced today that it has raised $10 million in new funding ...