Security News
Built and supported by vast communities of developers, OSS has become the ubiquitous building block of devices and apps in the general information technology community, where 92% of applications now contain open source software, and medical devices have been catching up with that trend over the past few years. One open source library can pull in any number of dependencies: other open source libraries, in a potentially long chain, that also need to be examined.
The Open Source Security Foundation has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packages by detecting and alerting users to any malicious behavior with the goal of bolstering the security of the software supply chain and increasing trust in open-source software.
The Open Source Security Foundation, a Linux Foundation-backed initiative, has released the first prototype version of its 'Package Analysis' tool, which aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project, released on GitHub, was able to identify over 200 malicious npm and PyPI packages.
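As an added illustration of the two points above (that one direct dependency drags in a chain of further packages, and that install-time behaviour is where a tool like Package Analysis looks for malicious activity), here is a short Python script. It is not code from OpenSSF or the Package Analysis project. It walks the transitive dependency graph recorded in an npm lockfile (the lockfileVersion 2/3 `packages` map) and lists every package that npm has marked with `hasInstallScript`, together with the chain of dependencies that pulled it in. The lockfile embedded below is constructed for the example and every package name in it is made up; dev and peer dependencies are ignored.

```python
"""Walk an npm lockfile's transitive dependency graph and flag packages
that run install-time scripts (preinstall/install/postinstall)."""
import json
from collections import deque

# Constructed sample lockfile (lockfileVersion 2 "packages" map); not from any
# real project. Package names are invented. "hasInstallScript" is the flag npm
# writes for packages that declare install scripts. "colour" appears twice at
# different versions, once hoisted and once nested under logger, as npm does.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"web-framework": "^1.0.0", "logger": "^2.0.0"}},
        "node_modules/web-framework": {
            "version": "1.0.0",
            "dependencies": {"http-utils": "^3.1.0", "template-engine": "^0.9.0"}},
        "node_modules/logger": {"version": "2.0.0",
                                "dependencies": {"colour": "^1.2.0"}},
        "node_modules/logger/node_modules/colour": {"version": "1.2.0"},
        "node_modules/http-utils": {"version": "3.1.0",
                                    "dependencies": {"parser-lib": "^4.0.0"}},
        "node_modules/template-engine": {"version": "0.9.0",
                                         "dependencies": {"colour": "^0.5.0"}},
        "node_modules/colour": {"version": "0.5.0"},
        "node_modules/parser-lib": {"version": "4.0.0", "hasInstallScript": True,
                                    "dependencies": {"native-shim": "^0.1.0"}},
        "node_modules/native-shim": {"version": "0.1.0", "hasInstallScript": True},
    },
})


def resolve(packages, from_path, name):
    """Resolve dependency `name` as required from the package at `from_path`.

    Mirrors Node's lookup: node_modules/<name> inside the requiring package's
    own directory first, then each ancestor directory up to the project root.
    Returns the lockfile path of the chosen package, or None if absent.
    """
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        # Move up one level by dropping the trailing "/node_modules/<pkg>".
        idx = base.rfind("/node_modules/")
        base = base[:idx] if idx != -1 else ""


def transitive_deps(lock_json, root=""):
    """Breadth-first walk from the root's direct dependencies.

    Returns {lockfile_path: [name, name, ...]} where the list is the shortest
    chain of package names from a direct dependency down to that package.
    Only "dependencies" are followed (no dev/peer deps).
    """
    packages = json.loads(lock_json)["packages"]
    chains = {}
    queue = deque()
    for name in packages[root].get("dependencies", {}):
        path = resolve(packages, root, name)
        if path is None:
            raise ValueError(f"lockfile inconsistent: {name} missing under {root!r}")
        if path not in chains:
            chains[path] = [name]
            queue.append(path)
    while queue:
        path = queue.popleft()
        for name in packages[path].get("dependencies", {}):
            dep_path = resolve(packages, path, name)
            if dep_path is None:
                raise ValueError(f"lockfile inconsistent: {name} missing under {path}")
            if dep_path not in chains:
                chains[dep_path] = chains[path] + [name]
                queue.append(dep_path)
    return chains


def install_script_report(lock_json):
    """List (chain, version) for every reachable package with install scripts."""
    packages = json.loads(lock_json)["packages"]
    flagged = [(" -> ".join(chain), packages[path].get("version"))
               for path, chain in transitive_deps(lock_json).items()
               if packages[path].get("hasInstallScript")]
    return sorted(flagged)


def summarize(lock_json):
    """Counts a reviewer wants first: how many packages two direct deps became."""
    packages = json.loads(lock_json)["packages"]
    direct = len(packages[""].get("dependencies", {}))
    total = len(transitive_deps(lock_json))
    return {"direct": direct, "transitive": total - direct,
            "with_install_scripts": len(install_script_report(lock_json))}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOCK))
    for chain, version in install_script_report(SAMPLE_LOCK):
        print(f"install script: {chain} ({version})")
```

Run against a real `package-lock.json` by replacing `SAMPLE_LOCK` with the file's contents; a flagged package is a candidate for the kind of sandboxed, dynamic inspection the Package Analysis prototype performs, not proof of malice on its own.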
The changing role of the CCO: Champion of innovation and business continuity
In this interview with Help Net Security, Simon Winchester, VP Worldwide Advanced Technologies at Jumio, talks about the changing role of the chief compliance officer and how to alleviate some of its burdens in today's highly regulated world.

How fast do cybercriminals capitalize on new security weaknesses?
Threat intelligence analysts at Skybox Research Lab uncovered a 42% increase in new ransomware programs targeting known vulnerabilities in 2021.
In this video for Help Net Security, Donald Fischer, CEO at Tidelift, talks about the state of open-source software supply chain security in 2022. Open source is the modern application development platform and is becoming an indispensable part of the software development process for organizations of all sizes.
This comprehensive study of nearly 700 technologists, now in its fourth year, explored the most urgent challenges development teams face when building applications with open source. It also reveals new insights into how confident technologists are in their organizations' current open source management practices, and in the open source components and languages they use more generally.
From an operational risk/maintenance perspective, 85% of the 2,097 codebases assessed contained open source that was more than four years out of date. Across the assessed codebases, the number of open source vulnerabilities is decreasing overall.
In this video for Help Net Security, Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at Cloud Security Alliance, talks about the state of open source security in 2022. Open source is everywhere, it's in everything, and everyone is using it.
Developers are increasingly voicing their opinions through open source projects that are in active use by thousands of software applications and organizations. While open source software has long been reliable, community-fuelled, and efficient in that it removes the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubt on the overall reliability of the ecosystem.
A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. It constantly surprises non-computer people how much critical software is dependent on the whims of random programmers who inconsistently maintain software libraries.