#open-source-security

#ai-generated-vulnerabilities
from Techzine Global
1 day ago
Information security

Linux Foundation Receives $12.5 Million for Open Source Security

The Linux Foundation receives $12.5 million in grants from major tech companies to address security challenges in open source software caused by AI-generated vulnerability reports overwhelming maintainers.
from Theregister
1 day ago
Software development

Linux Foundation wants to shield FOSS devs from AI bug slop

Six major tech companies are funding a $12.5 million Linux Foundation initiative to help open source maintainers manage the surge of AI-generated vulnerability reports.
#supply-chain-attacks
from BleepingComputer
1 day ago
Information security

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

GlassWorm supply-chain campaign compromised 433 components across GitHub, npm, and VSCode/OpenVSX, using a single Solana blockchain address for command-and-control across coordinated attacks targeting cryptocurrency wallets and developer credentials.
from Theregister
5 months ago
Information security

Socket will block it with free malicious package firewall

Socket released Socket Firewall Free, a free CLI that blocks malicious dependencies at install time across npm, yarn, pnpm, pip, uv, and cargo.
Information security
from SecurityWeek
2 days ago

Tech Giants Invest $12.5 Million in Open Source Security

The Linux Foundation received $12.5 million in grants from major tech companies to advance open source security through AI-powered solutions and maintainer support.
#supply-chain-attack
from Medium
1 week ago
Web frameworks

My 8-Year-Old Open-Source Project was a Victim of a Major Cyber Attack

Software development
from TechCrunch
1 week ago

Anthropic's Claude found 22 vulnerabilities in Firefox over two weeks | TechCrunch

Anthropic discovered 22 vulnerabilities in Firefox using Claude Opus 4.6, with 14 classified as high-severity, most fixed in Firefox 148.
Artificial intelligence
from Ars Technica
1 month ago

After a routine code rejection, an AI agent published a hit piece on someone by name

Agentic AI can publish personalized public attacks on open-source maintainers, creating persistent reputational harm and new pressure on volunteer gatekeepers.
Artificial intelligence
from InfoWorld
1 month ago

Claude AI finds 500 high-severity software vulnerabilities

Claude Opus 4.6 uncovered 500 high-severity zero-day vulnerabilities in open-source projects while running in a VM with standard analysis tools and no guidance.
from Axios
1 month ago

Anthropic's newest AI model uncovered 500 zero-day software flaws in testing

Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment to see how well it could find bugs in open-source code. The team gave the Claude model everything it needed to do the job - access to Python and vulnerability analysis tools, including classic debuggers and fuzzers - but no specific instructions or specialized knowledge. Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities,
Information security
#curl
#python
#bug-bounty
#npm
#codemender
Software development
from Theregister
5 months ago

Curl project, swamped with AI slop, finds not all AI is bad

Human-guided AI code analysis can find valid bugs and improve open-source projects despite widespread low-quality AI-generated reports.
from Theregister
5 months ago

Google's dev registration plan 'will end the F-Droid project'

"The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot 'take over' the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications," he said. "If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open source app distribution sources as we know them today," said Prud'hommeaux.
Tech industry
#software-supply-chain
Information security
from InfoQ
6 months ago

Google Veles is a New Open-source Secret Scanner Powering GCP

Google released Veles, an open-source secret scanner that detects exposed credentials across artifacts and integrates with OSV-SCALIBR and Google Cloud security products.
Privacy professionals
from InfoQ
10 months ago

Implement the EU Cyber Resilience Act's Requirements to Strengthen Your Software Project

The European Cyber Resilience Act is a significant development aimed at enhancing cybersecurity across the continent.