You'd think artificial intelligence (AI) is a boon for developers. After all, a recent Google survey found that 75% of programmers rely on AI. On the other hand, almost 40% report having "little or no ...

Open source software projects - the underpinnings of the global software ecosystem - are getting better at more quickly updating vulnerable dependencies, but at the same time they face more ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned ...

Code quality testing startup SonarSource SA today announced the upcoming release of SonarQube Advanced Security, a new offering that will extend the company’s analysis capabilities beyond first-party ...

More than half (52%) of critical open source projects contain code written in a memory-unsafe language, according to a new analysis by the Cybersecurity and Infrastructure Security Agency (CISA) in ...

The Siren email list allows members to share active exploitations of open-source projects, fueled by recent attempts to sabotage free-to-use software tooling The Open Source Security Foundation ...

In the past decade or so, open source software has become a critical component of many companies' tech stacks. The proliferation of cloud computing and artificial intelligence (AI) accelerated this ...

The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack. In ...

Open source has become a staple for software development in the enterprise, but keeping track of it and maintaining security for it remains an elusive goal, according to a survey of more than 3,500 ...

The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server. Early Sunday morning, the Lapsus$ gang ...

Just like you probably don't grow and grind wheat to make flour for your bread, most software developers don't write every line of code in a new project from scratch. Doing so would be extremely slow ...

In the face of economic headwinds and a worsening problem with code vulnerabilities, 2022 was still a successful year for open source and The Linux Foundation (LF). Leadership and security in ...