Google Trumpets US Federal Open Source Security Initiative
A bipartisan bill aims to create a usable framework for the use of open source components when building applications, which Google is urging the private sector to support.
Open-source software enables code review and reuse, but known vulnerabilities and unmaintained dependencies can create cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Open source is software whose source code is available under a license that permits use, inspection, modification, and redistribution. It may be developed by a community, an organization, or a small group of maintainers; “open” does not guarantee that the code is actively reviewed, supported, or secure.
For security teams, the main concerns are vulnerabilities in dependencies and the software supply chain: a maintainer account, release process, or package can be compromised, while an unmaintained component may retain known flaws. Public code can enable review and faster fixes, but visibility alone is not a control. Maintain an inventory or SBOM of open-source components, pin and verify versions or signatures where possible, monitor vulnerability advisories, and apply updates through a controlled process.
A bipartisan bill aims to create a usable framework for the use of open source components when building applications, which Google is urging the private sector to support.
Automobile, Energy, Media, Ransomware?When thinking about verticals, one may not instantly think of cyber-criminality. Yet, every move made by governments, clients, and private contractors screams toward normalizing those menaces as a new vertical
When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.
As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product
Open source tools by Spyderbat address the needs of Platform Engineering and DevOps teams by delivering new insights to workload activities and behaviors.
Also: Iranian election hackers are back, the TSA gets regulatory on train cybersecurity, and more In brief Google has released a new open source software tool to help businesses better understand the risks to their software supply chains by aggregating security metadata into a queryable, standardized database.…
How Red Hat turns an open source entity into overt enterprise security Webinar Linux has come a long way from the early days of 1991 when the Linux kernel grew out of a student project.…