Source
Blog
North Korean IT workers steal source code to extort employers
The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. The security service alerted public and private sector organizations in the United States and worldwide that North Korea’s IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated…
Blog
HPE investigates breach as hacker claims to steal source code
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments. The company has told BleepingComputer that it hasn’t found any evidence of a security breach, but it is investigating the threat actor’s claims. “HPE became aware on January 16 of claims being made by a group…
Blog
What’s Next for Open Source Software Security in 2025?
Open-source software is common throughout the tech world, and tools like software composition analysis can spot dependencies and secure them. However, working with open source presents security challenges compared with proprietary software. Chris Hughes, chief security advisor at open-source software security startup Endor Labs, spoke to TechRepublic about the state of open-source software security today and where it might go…
Blog
Want a return on your AI investment? Open source could be the key to success
Almost half of companies have seen a return on investment (ROI) on their AI strategy, according to new research, and those using open source tools are more likely to see a positive result. In a recent survey from IBM and Morning Consult, the vast majority (89%) said their organization plans to increase or maintain their AI investments in 2025, a…
Blog
The open source industry is booming as firms invest billions in ecosystem each year
The open source software industry is booming, according to recent analysis, with organizations now investing around $7.7 billion in the ecosystem each year. Researchers from GitHub, the Linux Foundation, and the Laboratory for Innovation Science at Harvard (LISH) found the median investment in open source now stands at $520,600 on a business-by-business basis. This isn’t all direct funding, however, with…
Blog
Run.ai software will be made open source in wake of Nvidia acquisition
Run:ai has confirmed its acquisition by Nvidia has been successful, adding that the chip giant plans to make its AI optimization tools open source so it can work across a wider variety of systems beyond Nvidia’s own GPUs. Founded in 2018, Run:ai develops software to help support AI infrastructure, building a platform on Kubernetes, the orchestration layer for much of…
Blog
AI ‘slop security reports’ are driving open source maintainers mad
Open source project maintainers are drowning in a sea of AI-generated ‘slop security reports’, according to security report triage worker Seth Larson. Larson said he’s witnessed an increase in poor-quality reports that are wasting maintainers’ time and contributing to burnout. “Recently I’ve noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects. The issue is…
Blog
Want to Contribute to Open Source Software? Here’s How to Get Started
Did you know you can contribute to many open-source projects without being an expert on GitHub, Git, or coding? Whether or not you’re an experienced programmer, you can learn how to use the most popular source code host in the world in just a few short steps. What Is Git and What Is GitHub? Git is the world’s leading version…
Blog
Open source malware surged by 156% in 2024
The growth of open source malware has continued apace in 2024, according to new research, with cyber criminals taking advantage of the proliferation of open source software. A report from software supply chain management firm Sonatype found there was a 156% increase in malicious packages identified on open source repositories over the past year. Sonatype has identified 778,529 malicious open…
Blog
big source of traffic is AI crawlers – Computerworld
One big source of traffic, it noted, is AI crawlers, which are increasingly under scrutiny as they scan the web and gobble up voluminous amounts of data to train large language models (LLMs). A big concern is that some take data even when they’re not supposed to, as opposed to “verified” good bots that typically come from search engines and…