Dark Reading

How Hackers Infiltrate Open Source Projects

The open source software that the vast majority of organizations include in their critical applications is vulnerable to exploitation from threat actors taking part in its creation. That's the message ...
ZDNet

Open-source security: Zip Slip critical flaw hits thousands of projects. Update now

Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle ...
ZDNet

Microsoft: Application Inspector is now open source, so use it to test code security

Microsoft has released the Microsoft Application Inspector, a cross-platform open-source command-line tool that its engineers use to quickly probe third-party open-source software components for ...