According to early data from Sonatype’s 8th annual State of the Software Supply Chain Report, an average 700% jump in cyberattacks against open source projects/repositories has been recorded over the last three years. To capitalize on weaknesses in upstream open source ecosystems, cybercriminals continue to target organizations through open source repositories. They contribute malware-infected software […]
Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting. Open Source Insights Open Source Insights is a Google Cloud Platform-hosted tool that’s accessible via a website into which users can enter the name of […]
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed. Additional findings Security vulnerabilities […]
Latest Comments