Open Source

Open Source | News, how-tos, features, reviews, and videos



The OSPO – the front line for secure open-source software supply chain governance

An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...


Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.


U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.


8 notable open-source security initiatives of 2022

Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.


The Heartbleed bug: How a flaw in OpenSSL caused a security crisis

Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it can be traced to a single line of code.


OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies.


Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable

VEX adds context to software vulnerabilities to better inform risk assessment decisions.


SBOM formats SPDX and CycloneDX compared

Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.


How OpenSSF Scorecards can help to evaluate open-source software risks

Scorecards automatically generates a score for open-source projects based on potential vulnerabilities and dependencies.


GitGuardian launches ggcanary project to help detect open-source software risks

GitGuardian says its new open-source canary tokens project helps businesses detect breaches as they unfold.


8 top SBOM tools to consider

These commercial and open-source tools will scan code and create software bills of materials automatically.


What is an SBOM? Software bill of materials explained

An SBOM is a detailed guide to what's inside your software. It helps vendors and buyers alike keep track of software components for better software supply chain security.


Auth0’s OpenFGA explained: Open source universal authorization

Authorization is an essential and non-trivial need in application development. Modern requirements have only increased the complexity of delivering adequate authorization. Auth0 aims to make authorization more standard and...


Open-source software risks persist, according to new reports

Companies are still struggling to gain confidence in the security of their open-source projects, but shifting security earlier in the development process shows promise.


For one software maker, an SBOM adds value to the product

At Instant Connect, an SBOM has become part of the product offering, says Chief Product Officer Wes Wells.


GitHub open sources Entitlements IAM system, built as a Git repository

The company behind one of the most important open source projects in the world is providing a new way to use its framework for IAM (identity and access management) this week.


Sigstore explained: How it helps secure the software supply chain

The free sigstore signing service helps developers establish provenance and integrity of open-source software.


The Open Source Software Security Mobilization Plan: Takeaways for security leaders

The plan from the Linux Foundation and OpenSSF presents three goals to improve open-source software security during development and more effectively address vulnerabilities.
