News
Working with GitHub, they found 2.87 million open-source files which contained Python’s tarfile module in about 588,000 unique repositories — 61% of which, or 350,000, were vulnerable to being ...
A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...
Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising ...
On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects, announced plans to mandate a two-factor authentication requirement for maintainers of ...
Along with the rise of Python, and a swap for the eighth-most-used language between Shell and C, GitHub said 2024 was a banner year for open source as well, with "a continued increase in first ...
They also have 61 external developers contributing to the open source project, which is helping speed up development for a young company with limited engineering resources, and helping drive interest.
Sigstore is already one of the fastest-adopted open source projects ever, with more than 4 million signatures logged so far. Both the Kubernetes and Python communities use it to sign their releases.
Just 11 per cent are viable. A recent analysis of 1.2 million open source software projects primarily across four ecosystems found that only about 11 per cent of projects were actively maintained.
"To ensure that maintainers of critical projects have the ability to implement strong 2FA with security keys, the Google Open Source Security Team, a sponsor of the Python Software Foundation, has ...
Open Source Security Dependent on Handful of Contributors. CENSUS III also found that the security management of open source software tends to be dependent on a tiny number of contributors. For example ...