Security News

The proliferation of malicious packages in repositories for software developers that rely on typosquatting points to a problem: A reliance on flat namespaces.

Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi,...

Researchers from the Georgia Tech and Peking University are working on OSSPatcher, a system for automatic patching of vulnerable open source libraries included in mobile applications. Fulfilling a...

A critical streaming bug impacts Live Networks LIVE555 RTSPServer, but not the popular VLC and MPLayer client-side software.

A critical and widespread arbitrary file overwrite vulnerability has been addressed in popular libraries of projects from HP, Amazon, Apache, Pivotal, and more. read more

GitHub says the introduction of security alerts last year has led to a significantly smaller number of vulnerable code libraries on the platform. The code hosting service announced in mid-November...

Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue. read more

The Internet Bug Bounty (IBB), a project aimed at finding and fixing vulnerabilities in core internet infrastructure and free open source software, has announced that it will be giving out rewards...

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.