#open-source-security

Software development
from The Register
18 hours ago

Curl project, swamped with AI slop, finds not all AI is bad

Human-guided AI code analysis can find valid bugs and improve open-source projects despite widespread low-quality AI-generated reports.
Information security
from The Register
2 days ago

Socket will block it with free malicious package firewall

Socket released Socket Firewall Free, a free CLI that blocks malicious dependencies at install time across npm, yarn, pnpm, pip, uv, and cargo.
from The Register
4 days ago

Google's dev registration plan 'will end the F-Droid project'

"The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot 'take over' the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications," he said. "If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open source app distribution sources as we know them today," said Prud'hommeaux.
Tech industry
#software-supply-chain
from Nextgov.com
1 month ago
Information security

Report: Russia-based Yandex employee oversees open-source software approved for DOD use

Information security
from CyberScoop
3 weeks ago

The npm incident frightened everyone, but ended up being nothing to fret about

A social-engineering compromise of an npm maintainer briefly poisoned 18 popular packages, but quick detection and response limited the supply-chain attack’s impact and damage.
Information security
from InfoQ
1 month ago

Google Veles is a New Open-source Secret Scanner Powering GCP

Google released Veles, an open-source secret scanner that detects exposed credentials across artifacts and integrates with OSV-SCALIBR and Google Cloud security products.
Privacy professionals
from InfoQ
5 months ago

Implement the EU Cyber Resilience Act's Requirements to Strengthen Your Software Project

The European Cyber Resilience Act introduces mandatory cybersecurity requirements for products with digital elements placed on the EU market; this article walks through what a software project must do to meet them.