open source software supply chain
Two Campaigns Drop Malicious Packages into NPM
The popular NPM code registry continues to be a target of bad actors looking to sneak their malicious packages into open-source code used by software developers. Researchers with Fortinet’s FortiGuard Labs this ...
Broken ARM: Mali Malware Pwns Phones
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
CISA Put Securing Open Source Software on the Roadmap
The government’s top cybersecurity agency is laying out steps it says are necessary to ensure that open source software, which is increasingly ubiquitous in modern IT environments, is secure. The eight-page document ...
Google Vulnerability Reward Program Focuses on Open Source Software
Google’s bug bounty program will be expanded to include a special open source section called the Open Source Software Vulnerability Rewards Program (OSS VRP), the company announced on its security blog. Through ...
OpenSSF Seeks $150M+ to Address Open Source Software Security
The Open Source Security Foundation (OpenSSF) this week outlined a plan to better secure open source software by focusing on 10 streams of investment that, in total, would require more than $150 ...
Google Contributes $1M to Reward Developers for OSS Security
Google today launched a Secure Open Source (SOS) pilot program, managed by the Linux Foundation, through which it will set aside $1 million to compensate developers that work on initiatives to better ...
How to Establish an Open Source Program Office
It feels like some people don’t have a strong understanding of open source. Some misunderstandings have come from working with open source in an environment filled with proprietary software. When the words ...
DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences
A week ago we hosted the North American DevSecOps Leadership Forum. It was an online event and an amazing experience in which we assembled 500+ software development, application security, and IT operations ...
Gartner: Mitigate Risk By Hardening the Software Supply Chain
When molten steel is immersed in water it transforms into one of the world’s strongest materials. A resilient software supply chain is no different. Hardened steel requires combining alloys; a hardened software ...