open source software supply chain
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Two Campaigns Drop Malicious Packages into NPM
The popular NPM code registry continues to be a target of bad actors looking to sneak their malicious packages into open-source code used by software developers. Researchers with Fortinet’s FortiGuard Labs this ...
Security Boulevard
Broken ARM: Mali Malware Pwns Phones
Richi Jennings | | android, ARM, CVE-2023-33200, CVE-2023-34970, CVE-2023-4211, GPU, hardware supply chain, Linux, Mali, open source software supply chain, SB Blogwatch, software supply chain, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
Security Boulevard
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
CISA Put Securing Open Source Software on the Roadmap
The government’s top cybersecurity agency is laying out steps it says are necessary to ensure that open source software, which is increasingly ubiquitous in modern IT environments, is secure. The eight-page document ...
Security Boulevard
Google Vulnerability Reward Program Focuses on Open Source Software
Google’s bug bounty program will be expanded to include a special open source section called the Open Source Software Vulnerability Rewards Program (OSS VRP), the company announced on its security blog. Through ...
Security Boulevard
OpenSSF Seeks $150M+ to Address Open Source Software Security
The Open Source Security Foundation (OpenSSF) this week outlined a plan to better secure open source software by focusing on 10 streams of investment that, in total, would require more than $150 ...
Security Boulevard
Google Contributes $1M to Reward Developers for OSS Security
Google today launched a Secure Open Source (SOS) pilot program, managed by the Linux Foundation, through which it will set aside $1 million to compensate developers that work on initiatives to better ...
Security Boulevard
How to Establish an Open Source Program Office
Mark Henke | | Everything Open Source, open source, Open Source Governance, open source software supply chain, open-source-software
It feels like some people don’t have a strong understanding of open source. Some misunderstandings have come from working with open source in an environment filled with proprietary software. When the words ...
DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences
Matt Howard | | community, DevSecOps, DevSecOps Leadership Forum, DevSecOps, DevOps, Application Security, FEATURED, open source software supply chain
A week ago we hosted the North American DevSecOps Leadership Forum. It was an online event and an amazing experience in which we assembled 500+ software development, application security, and IT operations ...