Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...
The danger in the code came from characters that are invisible to the human eye. In early March, researchers at several security firms examined what looked like empty space and found hidden Unicode ...
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Lightwell is a huge effort to safeguard open-source software. IBM and Red Hat are investing in this massive security initiative. We don't yet know how this subscription-based service will work. AI is ...
The ease with which developers can integrate third-party open source code has created a security and sustainability crisis, according to a senior executive at edge cloud platform Fastly. Speaking to ...