The fallout from the Log4j vulnerability has prompted bipartisan action to beef up open source software security. The proposed act would task CISA with developing a risk framework to evaluate open source code used by the federal government, and could be passed on to critical infrastructure businesses.
Some security experts worry that open source Twitter code would thus not be tremendously helpful in revealing how the system selects content, but would create avenues of attack for threat actors that could now scrutinize its internal workings.
An open source project maintainer decided to protest the war in Ukraine by targeting computers with an IP address in Russia or Belarus with a malicious update in a controversial act of hacktivism.
Thousands of companies using popular NPM libraries have just learned that the hidden price of free software is that the open source developer may withdraw their consent at any time.
To meet the ever-increasing challenge of cybercrime and rebuild user trust, tech companies will need to be built with a new standard that embraces a transparent and open source approach.
Open source software components are useful for software development yet vulnerable to attacks due to their openness. What are some of the best security practices for managing them?