Internet, per come lo conosciamo oggi, è composto da migliaia di componenti digitali che, assemblate tra di loro, danno forma ogni volta ad applicazioni e piattaforme diverse. Possiamo pensarle come dei mattoncini Lego: le unità fondamentali sono spesso le stesse, ma combinarle in modo diverso permette di generare strumenti e spazi digitali diversi.
The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) brought together over 90 executives from 37 companies and...
Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute. As a result, malicious packages like ua-parser-js, and node-ipc are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users.
Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.
A travers plusieurs mises à jour de projets open source, des développeurs ont manifesté leur opposition à l’invasion russe de l’Ukraine. Si dans certains cas, l’impact se limite à des messages de sensibilisation, certains projets vont jusqu’à inclure des logiciels malveillants.
Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.