open source
Unpaid open source maintainers struggle with increased security demands
Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the …
Tython: Open-source Security as Code framework and SDK
Development teams utilize automation through Infrastructure as Code (IaC) to facilitate rapid and frequent changes to their cloud-native architectures. Security teams must …
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …
The double-edged sword of open-source software
The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming …
Security beyond software: The open source hardware security evolution
Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But …
Implementing a zero-trust system that uses workload identity across a service mesh in Kubernetes
In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a …
Google delivers secure open source software packages
Google has announced the Google Cloud Assured Open Source Software (Assured OSS) service, which aims to be a trusted source of secure open source packages, and the deps.dev …
Kodi forum breach: User data, encrypted passwords grabbed
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a …
Flood of malicious packages results in NPM registry DoS
Attackers are exploiting the good reputation and “openness” of the popular public JavaScript software registry NPM to deliver malware and scams, but are also …
Passbolt: Open-source password manager for security-conscious organizations
In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to password usage, outlines how the Passbolt password manager …
OSC&R open software supply chain attack framework now on GitHub
OSC&R (Open Software Supply Chain Attack Reference) is an open framework for understanding and evaluating software supply chain security threats. It has received the …
A bug revealed ChatGPT users’ chat history, personal and billing data
A vulnerability in the redis-py open-source library was at the root of last week’s ChatGPT data leak, OpenAI has confirmed. Not only were some ChatGPT users able to see …
Featured news
Sponsored
Don't miss
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)