Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities

February 5, 2024 at 06:06PM Google has pledged $1 million to the Rust Foundation to enhance interoperability between Rust and C++ code. This investment aims to expand the adoption of Rust across various components of the platform, with Android benefiting from its memory-safe programming language. Google’s support will also help launch a new ‘Interop’ initiative …

Google Open Sources AI-Aided Fuzzing Framework

February 5, 2024 at 06:06PM Google has released an AI-aided fuzzing framework in open source to help find vulnerabilities faster. The tool leverages large language models to generate fuzz targets and has resulted in a 30% increase in code coverage for over 300 projects. The framework allows experimentation and testing of fuzz targets and also …

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

January 29, 2024 at 01:03AM Cybersecurity researchers have detected malicious packages on the PyPI repository containing data-stealing malware, WhiteSnake Stealer, targeting Windows and Linux systems. The packages, uploaded by a threat actor named “WS,” incorporate encoded source code and aim to exfiltrate sensitive data and crypto wallet information. This discovery highlights the threat of …

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

January 25, 2024 at 11:48AM The growing use of open source software now extends into the AI market. Venafi offers its Stop Unauthorized Code Solution for traditional OSS, while Protect AI’s Guardian secures open source machine learning models. Both products aim to tackle the unique security challenges of their respective markets. They operate as crucial security measures …

Haier hits Home Assistant plugin dev with takedown notice

January 18, 2024 at 12:37PM Haier issued a takedown notice to a developer for creating Home Assistant integration plugins for its home appliances on GitHub. The developer received a legal threat demanding the removal of the tools, citing unauthorized use and significant economic harm. The plugins, although open-source, may incorporate Haier’s intellectual property. Haier’s actions …

Software Supply Chain Security Startup Kusari Raises $8 Million

January 18, 2024 at 10:00AM Kusari, a software supply chain security startup, has secured $8 million in pre-seed and seed funding led by J2 Ventures and Glasswing Ventures, with support from Unusual Ventures. Founded by members of OpenSSF and CNCF, Kusari aims to provide transparency in the software supply chain with its GUAC tool, reducing …

Zoom Unveils Open Source Vulnerability Impact Scoring System

December 15, 2023 at 08:36AM Zoom unveiled an open source Vulnerability Impact Scoring System (VISS) to help organizations assess and prioritize vulnerabilities based on actual exploitation. The system, designed to complement the Common Vulnerability Scoring System, led to increased reports of critical vulnerabilities during testing and analyzes vulnerabilities based on 13 impact aspects. It remains …

Two years on, 1 in 4 apps still vulnerable to Log4Shell

December 11, 2023 at 10:06AM Two years after the Log4Shell vulnerability disclosure, around 1 in 4 applications still rely on outdated Log4j libraries, making them susceptible to exploitation. While some developers promptly updated the libraries, a significant proportion remain vulnerable. Urgent action was effective, but there’s still a need for more rigorous open source security …

VictoriaMetrics takes organic growth over investor pressure

December 11, 2023 at 05:20AM VictoriaMetrics, an unusual monitoring company, has yet to accept external investment and is committed to growing organically. Co-founder Roman Khavronenko emphasizes the negative impact of investor pressure on startups. The company prioritizes open source offerings, embracing the Apache 2 license and providing enterprise tools under a free trial. Khavronenko also …

Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads

November 28, 2023 at 05:08PM Researchers have discovered three unpatched vulnerabilities in Ray, an open source framework used for scaling AI and machine learning workloads. These vulnerabilities could allow attackers to gain operating system access, execute remote code, and escalate privileges. Anyscale, the company that sells a managed version of Ray, has not yet addressed …