An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
Expertise from Forbes Councils members, operated under license. Open-source software powers the majority of today’s businesses. An estimated 70% to 90% of ...
Discover how to harness AI in software development while minimizing risks. Learn strategies for secure coding practices, managing AI-generated code risks, and implementing effective security measures.