SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how visibility and shift-left security reduce exposure.
InfoWorld

New AI tool targets critical hole in thousands of open source apps

The tool, created by university researchers, is designed to find and automatically create a patch for vulnerabilities in large repositories like GitHub, but it isn’t perfect yet. Dutch and Iranian ...
Forbes

How Socket Plans To Save The World From Open-Source Attacks

Earlier this year, the world came within a few weeks of a disastrous cyber security failure that would have enabled bad actors to penetrate the IT systems of millions of organisations worldwide. The ...
Computer Weekly

Sonatype CEO on self-service: The vulnerability data gap undermining AI-driven development

Increasingly, self-service tools and internal developer platforms (IDPs) are configured to make critical decisions, but ...
SiliconANGLE

Snyk launches Secure Developer Program to strengthen open-source security

Cybersecurity company Snyk Ltd. today announced the launch of its Secure Developer Program, a new initiative designed to empower open-source software maintainers with cutting-edge, develop-friendly ...
Dark Reading

Code-Scanning Tool's License at Heart of Security Breakup

A group of nine application security service providers announced they would "fork" the popular code-scanning project Semgrep, creating a new codebase, after a series of moves by the eponymous startup ...
CSOonline

Threat actors scanning for apps incorporating vulnerable Spring Boot tool

Enterprise admins who haven’t yet mitigated a two-month-old vulnerability in apps that incorporate the open source Spring Boot tool could be in trouble: Attempts to exploit the hole are still ongoing.