The Security Startup That Found Early Traction with Developer Communities

Within months of moving to San Francisco, Strix hit number one on Hacker News, earning the attention of developers, ...
Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

Open-Source Android Apps at Risk Under Google’s New Decree

F-Droid says Google's developer registration rule could end its open-source app store and strand users. Google defends ...
Developer Tech

XZ attack reveals unlearned open-source security lessons

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
Infosecurity Magazine

How Enterprises Can Manage Open-Source Security When the Shift Left Meets End of Life

Learn how DevSecOps shifts security left and right across the software lifecycle and why understanding end-of-life risks is ...
How-To Geek on MSN

Google’s New Developer Rules Threaten to End the F-Droid Open-Source App Store

If you’re the type of Android user who values privacy and open-source software, you’re probably familiar with F-Droid. It’s ...
InfoWorld

Open source registries signal shift toward paid models as AI strains infrastructure

The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container builds operated by companies place “enormous strain on infrastructure” while ...

Ahmed Allam On Launching Strix Through Hacker News

It was this gap that Ahmed Allam saw clearly when he moved from Egypt to San Francisco. With a background in computer science ...

F-Droid project threatened by Google's new dev registration rules

F-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify ...
Diginomica

Building bridges, not burning maintainers - how the CRA is reshaping open source relations

When Europe's new Cyber Resilience Act (CRA) comes into force, manufacturers will face a challenging but necessary deadline – 24 hours to issue an initial security statement, 72 hours to produce a ...