WordPress forces user conf organizers to share social media credentials, arousing suspicions

October 28, 2024 at 02:36AM
Organizers of WordCamps have been ordered by Automattic employees to take down social media posts and share login credentials, amid tensions over WordPress’s control and rival WP Engine’s contributions. This has led to volunteer frustration and concerns over community engagement and autonomy, harming events like WordCamp Sydney.

AWS’s Predictable Bucket Names Make Accounts Easier to Crack

October 24, 2024 at 06:06PM
The AWS Cloud Development Kit (CDK) has a vulnerability due to its predictable S3 bucket naming during deployment, potentially allowing unauthorized access. Researchers from Aqua found this affects about 1% of users. They advise modifying bucket names and emphasize not using predictable patterns to prevent exploitation.

Codasip Donates Tools to Develop Memory-Safe Chips

October 24, 2024 at 08:17AM
Codasip donated its RISC-V software development kit to the CHERI Alliance to enhance chip memory safety for developers. The SDK includes essential tools like a C/C++ compiler, emulator, and build system, aiming to facilitate CHERI technology adoption in securing hardware memory against vulnerabilities like buffer overflows.

Bitwarden’s FOSS halo slips as new SDK requirement locks down freedoms

October 24, 2024 at 07:39AM
Bitwarden’s new build requirements have raised concerns about its status as free and open-source software (FOSS). A recent GitHub discussion highlighted that the SDK needed for compilation is not free, prompting comparisons to other companies that have shifted away from open-source principles. Alternatives exist but may require more user management.

New Scoring System Helps Secure the Open Source AI Model Supply Chain

October 24, 2024 at 06:09AM
AI models hosted on Hugging Face may harbor hidden issues similar to those found in open-source software from platforms like GitHub. A new scoring system has been introduced to enhance the security of the open-source AI model supply chain, aiming to address potential vulnerabilities in AI models.

Socket Raises $40 Million for Supply Chain Security Tech

October 23, 2024 at 09:50AM
Socket has secured $40 million in Series B funding to advance its development of open source software supply chain security technology.

**Meeting Takeaways:**
1. **Funding Achievement:** Socket has successfully raised $40 million in a Series B funding round.
2. **Focus Area:** The raised funds will be allocated towards developing technology …

Vulnerabilities, AI Compete for Software Developers’ Attention

October 18, 2024 at 12:38PM
In less than two years, AI assistants have significantly improved coding efficiency among developers, leading to increased software downloads and development activity. However, security has lagged, with vulnerability remediation times rising drastically. Concerns are growing over the quality and security of AI-generated code, particularly when produced by inexperienced developers, potentially impacting future talent development.

WP Engine Accuses WordPress of ‘Forcibly’ Taking Over Its Plug-in

October 15, 2024 at 10:24AM
A public dispute has erupted between WP Engine and WordPress founder Matt Mullenweg over the Advanced Custom Fields (ACF) plug-in, following Mullenweg’s decision to fork ACF into Secure Content Fields (SCF). This has led to user confusion regarding updates, security issues, and potential legal actions between the companies.

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

October 7, 2024 at 05:57AM
A critical security flaw (CVE-2024-47561) in the Apache Avro Java SDK prior to 1.11.4 allows execution of arbitrary code, impacting large-scale data processing. Users are advised to upgrade to version 1.11.4 or 1.12.0. The vulnerability exists in deserializing input via Avro schemas, affecting organizations mainly in the US. Mitigations include sanitizing schemas …

Automattic blocks WP Engine’s access to WordPress resources

September 26, 2024 at 09:56AM
WordPress.org has banned WP Engine from accessing its resources and delivering plugin updates, leaving end users vulnerable to potential hacks. The conflict between the two involves the alleged alteration of a WordPress core feature for profit, legal disputes, and public criticism. Users are advised to seek alternative hosting providers given the uncertain resolution.