open source
A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a …
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many …
Principles for Kubernetes security and good hygiene
Traditional methods of software security are not a good fit for Kubernetes: a renewed set of security implementations are required to make it less vulnerable. What’s …
Ubuntu 22.04 LTS released, delivers enterprise-grade security
Canonical Ubuntu 22.04 LTS is now generally available, featuring significant leaps forward in cloud confidential computing, real-time kernel for industrial applications, and …
The state of open-source software supply chain security in 2022
In this video for Help Net Security, Donald Fischer, CEO at Tidelift, talks about the state of open-source software supply chain security in 2022. Open source is the modern …
Challenges development teams face when building applications with open source
Tidelift released a report providing critical insights into the state and practice of open source software supply chain management. This comprehensive study of nearly 700 …
81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and …
The state of open source security in 2022
In this video for Help Net Security, Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at Cloud Security Alliance, talks about the state of open source …
What you need to look out for when installing packages from public repositories
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages. Malicious packages can harm …
Cloud-native adoption shifts security responsibility across teams
Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during …
The Linux Foundation’s Census of OSS app libraries helps prioritize security work
The Linux Foundation announced the final release of “Census II of Free and Open Source Software – Application Libraries,” which identifies more than one thousand of the …
Software supply chain security still a pain point
ActiveState announced the results of its survey, providing insights into the security challenges of the software industry’s open source supply chain, which includes the …
Featured news
Resources
Don't miss
- Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)
- CISA and partners take action as Microsoft Exchange security risks mount
- Shadow AI: New ideas emerge to tackle an old problem in new form
- AI chatbots are sliding toward a privacy crisis
- You can’t audit how AI thinks, but you can audit what it does