Security news aggregator

Latest coverage for Open Source

Open-source software enables code review and reuse, but known vulnerabilities and unmaintained dependencies can create cybersecurity risks.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Open source is software whose source code is available under a license that permits use, inspection, modification, and redistribution. It may be developed by a community, an organization, or a small group of maintainers; “open” does not guarantee that the code is actively reviewed, supported, or secure.

For security teams, the main concerns are vulnerabilities in dependencies and the software supply chain: a maintainer account, release process, or package can be compromised, while an unmaintained component may retain known flaws. Public code can enable review and faster fixes, but visibility alone is not a control. Maintain an inventory or SBOM of open-source components, pin and verify versions or signatures where possible, monitor vulnerability advisories, and apply updates through a controlled process.

Showing 7 most recent headlines Filtered view
Bank Info Security 1 year, 5 months ago

French AI Action Summit, What Can We Expect?

Summit to Focus on Open-Source, AI Governance and DevelopmentThe historic presidential Élysée Palace in Central Paris will host world leaders, tech CEOs and researchers for the French AI Action Summit, a two-day event that will commence on Monday. U.S. Vice President JD Vance, OpenAI CEO Sam Altman and Google's Sundar Pichai will be on hand.

Governments Are Skeptical of Chinese A1 Platform's Data Security ControlsCountries across Asia are racing to ban government officials, national agencies and critical infrastructure organizations from using Chinese artificial intelligence company DeepSeek's open-source chatbot application, citing data security and privacy risks.

Bank Info Security 1 year, 5 months ago

ISMG Editors: AI Security Wake-Up Call From DeepSeek

Also: Addressing AI Vulnerabilities and Governance ChallengesDeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes.

Analyst Allie Mellen on Open-Source AI Adoption, Vendor Considerations, Data RisksAI adoption is accelerating across security operations, but DeepSeek has introduced security, privacy, and geopolitical risks that organizations should carefully assess. Forrester's Allie Mellen shares advice on AI adoption by cybersecurity, third-party risks and data protection.

Bank Info Security 1 year, 5 months ago

Open-Source AI: Power Shift or Pandora's Box?

Could Open-Source AI Redefine the Future? Here's What Experts SayOpen-source AI is shaking up the industry, challenging traditional large and small language models and raising new security concerns. With DeepSeek-R1 leading the charge, experts weigh in on the risks, rewards and the future of AI monetization. Is the future of AI open - or are we headed for new challenges?

Espionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass HitsRussian hackers targeting Ukrainian government agencies and businesses - including a major automotive manufacturer - have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware.