The risk in the JavaScript ecosystem isn't theoretical: earlier this month, a number of packages used by millions of developers were compromised via malicious code. These malware attacks against ...
The developer of a popular open-source tool added pro-Ukraine “protestware” to the software, prominent cybersecurity journalist Brian Krebs reported on Thursday. The open-source tool in question is ...
Google has expanded its OSS-Fuzz Reward Program to offer rewards of up to $30,000 for researchers who find security flaws in open-source programs. The expanded scope of the program now means the total ...
The React Foundation will maintain React’s infrastructure, organise events and creative initiatives to support the React ecosystem. Non-profit organisation the Linux Foundation announced yesterday (7 ...
Researchers at the Laboratory for Innovation Science at Harvard University (LISH) have published the most comprehensive census of free and open source (FOSS) software packages to date, with the aim of ...
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package Analysis Project is one of the software supply ...
Merchants building businesses on giant marketplaces often have to think inside the marketplace’s box, but Medusa, a one-year-old e-commerce startup from Denmark, is going after e-commerce platforms, ...
There isn’t nearly enough money in open source today. We can complain about venture capitalists distorting open source licensing, wring our hands about sustainability, and fret over how much ...
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback