Security news that informs and inspires

Archive

15 results for tag Open Source:

Keeping Dependencies Straight in the Software Supply Chain

The nature of modern software development is that development teams have to rely on "blind trust" for some of the code components written by someone else. A new attack method showed how build systems could be tricked into pulling code from the wrong projects.

Software Development, Supply Chain, Open Source

Malicious Code Found in Package Repositories

Attackers have increasingly targeted the software supply chain by populating package managers such as RubyGems and npm with malicious code.

Software Security, Open Source

IBM Releases Open Source Encryption Toolkit

Protecting data while in use is a challenge. IBM released an open source toolkit to help developers implement fully homomorphic encryption in their applications.

Encryption, Open Source

Most Applications Contain Vulnerable Open Source Libraries

Modern software development relies on open source libraries, even for those applications that are sold commercially and aren’t open source. A pair of reports from Veracode and Synopsys illustrate how these components are introducing vulnerabilities into these applications.

Open Source, Application Security, Javascript

GitHub Expands Scanning to Find Security Flaws in Code

The goal for secure software isn’t to never have vulnerabilities, but to be able to find vulnerabilities as soon as possible so that they can be fixed. GitHub has expanded its code scanning capabilities to make it easier for developers to identify flaws in projects that are managed on its platform.

Open Source, Github, Vulnerability, Appdev