EU launches bug bounty programs for five open source solutions
The European Union is, once again, calling on bug hunters to delve into specific open source software and report bugs. This time around, …
Open Source Software
Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
A new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers has a fixed password named after …
Open Source Democratized Software. Now Let’s Democratize Security
Today, anyone can contribute to some of the world’s most important software platforms and frameworks, such as Kubernetes, the Linux …
Improving Open Source Supply Chain Transparency with SPDX
Publication of the ISO/IEC 5962:2021 standard for software bill of materials (SBOM) is more beginning than end. At least, that’s what I …
The Drawbacks of a SOAR
We’ve said it before, and we’ll say it again: Security Orchestration, Automation and Response (SOAR) platforms are great tools for …
Reducing security risk in open source software with GitHub Actions and OpenSSF Scorecards V4
GitHub is committed to helping secure the future of open source security, and it is why we continue to partner with our industry peers …
Open Source Security at the White House
There’s no question that open source security and supply chain security has become top of mind issues in the aftermath of the Apache …
Google says open source software should be more secure
In conjunction with a White House meeting on Thursday at which technology companies discussed the security of open source software, Google …
Google calls on U.S. government to do more to secure critical open-source software
After meeting with White House officials Thursday, Google LLC has called for the U.S. government to take on a more proactive role in …
The Open Source Software Security Summit: securing the world’s code together
The world runs on software, which in turn relies on open source. In fact, 99% of the world’s software has at least some open source …
Salt Security Finds Serious GraphQL API Security Hole
GraphQL, the open source query language for application programming interfaces (APIs), is very powerful. With great power comes great …
Tailscale: A Virtual Private Network for Zero Trust Security
Unlike traditional, hub-and-spoke VPN network architectures that send network traffic through a central gateway, Tailscale creates a …
Log4j Scanner Blindspots
Thanks to the Apache Java logging library log4j‘s popularity and its ability to hide in code, we have landmines hiding in our …
One More Log4j Security Hole Before the New Year
How many of us are surprised to learn that yet another log4j security vulnerability has been discovered? In my office, that would be a big, …