Security News

Malicious libraries in package repositories reveal a fundamental security flaw
2019-07-17 14:06

The proliferation of malicious packages in repositories for software developers that rely on typosquatting points to a problem: A reliance on flat namespaces.

Growing reliance on open source libraries leaves many companies vulnerable
2019-06-03 04:45

Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi,...

OSSPatcher: Automated mobile application patching for bugs in open source libraries
2019-02-26 11:09

Researchers from Georgia Tech and Peking University are working on OSSPatcher, a system for automatic patching of vulnerable open source libraries included in mobile applications. Fulfilling a...

Critical Bug Impacts Live555 Media Streaming Libraries
2018-10-22 14:41

A critical streaming bug impacts Live Networks' LIVE555 RTSPServer, but not the popular VLC and MPlayer client-side software.

Critical Vulnerability Addressed in Popular Code Libraries
2018-06-06 14:53

A critical and widespread arbitrary file overwrite vulnerability has been addressed in popular libraries of projects from HP, Amazon, Apache, Pivotal, and more.

GitHub Security Alerts Lead to Fewer Vulnerable Code Libraries
2018-03-22 16:21

GitHub says the introduction of security alerts last year has led to a significantly smaller number of vulnerable code libraries on the platform. The code hosting service announced in mid-November...

GitHub Warns Developers When Using Vulnerable Libraries
2017-11-17 17:26

Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue.

The Internet Bug Bounty offers rewards for bugs in data processing libraries
2017-10-02 17:40

The Internet Bug Bounty (IBB), a project aimed at finding and fixing vulnerabilities in core internet infrastructure and free open source software, has announced that it will be giving out rewards...

JSON Libraries Patched Against Invalid Curve Crypto Attack (Threatpost)
2017-03-15 15:46

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.