Security

Linux Foundation warns of US OFAC sanctions

The Linux Foundation has posted a guide to navigating US Office of Foreign Assets Control sanctions and other global regulations for open source developers.

By Paul Krill

Feb 03, 20253 mins

Application SecurityData and Information SecurityOpen Source

Supply chain compromise of Ultralytics AI library results in trojanized versions

By Lucian Constantin

Dec 09, 20241 min

Development Libraries and FrameworksPythonSecurity

A GRC framework for securing generative AI

By Trevor Welsh

Nov 19, 202411 mins

Application SecurityData GovernanceGenerative AI

Articles

Kazakhstan’s SOS 102: Redefining Public Safety Through Innovation

By IDC

Jan 23, 2025 4 mins

Security

Java proposals would boost resistance to quantum computing attacks

OpenJDK proposals would provide Java implementations of a quantum-resistant module-latticed-based digital signature algorithm and key encapsulation mechanism.

By Paul Krill

Nov 08, 2024 2 mins

Application SecurityData and Information SecurityJava

‘Package confusion’ attack against NPM used to trick developers into downloading malware

Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.

By John E. Dunn

Nov 06, 2024 4 mins

Open SourceSecurityVulnerabilities

What Entrust certificate distrust means for developers

Secure communications between web browsers and web servers depend on digital certificates backed by certificate authorities. What if the web browsers stop trusting your CA?

By Travis Van

Oct 30, 2024 9 mins

Application SecurityBrowser SecurityWeb Development

Why are we still confused about cloud security?

We’re building too much complexity and are ill-trained to secure it. The result will be breach after breach, while enterprises wonder what happened. Get a clue now.

By David Linthicum

Oct 15, 2024 5 mins

Cloud SecurityIdentity and Access ManagementSecurity Infrastructure

Open source package entry points could be used for command jacking

Threat actors could use these supply chain attacks to compromise applications, says Checkmarx.

By Howard Solomon

Oct 14, 2024 1 min

Open SourceSecurityVulnerabilities

Why cloud security outranks cost and scalability

Too many businesses believe that adequate security is too expensive. Here are some ways to keep costs manageable.

By David Linthicum

Oct 04, 2024 5 mins

APIsCloud SecurityMicroservices

Understanding VBS Enclaves, Windows’ new security technology

Microsoft is protecting Recall’s vector indexes in trusted execution environments. It adds a bit of computational overhead, but is a must for data security.

By Simon Bisson

Oct 03, 2024 8 mins

ContainersData and Information SecurityWindows Security

Java 23 highlights crypto performance and security

Security-related enhancements include crypto performance updates, new debugging options, and additions to Kerberos and PKI.

By Paul Krill

Sep 24, 2024 3 mins

JavaProgramming LanguagesSecurity

Security takes a front seat

Threats that have always existed but are now amped up by generative AI are making enterprise leadership take notice and open the purse strings.

By Matt Asay

Aug 19, 2024 4 mins

Application SecurityCloud SecurityTechnology Industry

Red-teaming AI with PyRIT

Microsoft has open sourced a key piece of its AI security, offering a toolkit that links data sets to targets and scores results, in the cloud or with small language models.

By Simon Bisson

Aug 15, 2024 7 mins

Application SecurityGenerative AIMicrosoft Azure

Focusing open source on security, not ideology

In today’s world where everything gets hacked, conversations about security are what’s truly important, especially to attract younger developers to open source.

By Matt Asay

Jul 22, 2024 4 mins

Cloud SecurityOpen SourceSecurity Practices