The problem isn’t necessarily the widespread use of existing open source code in new applications; it is that only a small sampling of these software dependencies are actually selected by the ...
Software Supply Chain Security Attacks Up 200%: New Sonatype Research. Attacks on open source software to spread malicious packages; fighting vulnerabilities in open source ...
It's a new year and the cybersecurity community now faces the long-term consequences of yet another software supply chain security nightmare. After a year full of application security zero-day fallout ...
Software Composition Analysis, or SCA, is a type of software security tool that focuses on analyzing open-source components within a codebase. When developers create software, they often include ...
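The SCA idea sketched above, as an added example that is not part of the article or any vendor's product: take the component inventory from a lockfile-style manifest, normalise the package names, and join pinned versions against an advisory feed using version-range comparison. The manifest text, the package names and the advisory IDs are all constructed and fictional for this illustration; version handling is deliberately limited to dotted numeric versions (no pre-release tags), which a real tool would have to support.

```python
"""Minimal software composition analysis (SCA) pass: inventory components
from a requirements-style manifest and match them against advisories.
Added example with constructed, fictional data; not a production scanner."""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Constructed sample manifest; every package name here is fictional.
SAMPLE_REQUIREMENTS = """\
# constructed lockfile for this example
ExampleParser==1.3.0
example-http==2.0.1
example_crypto>=0.9   # not pinned: exact version cannot be assessed
example-ok==4.2.0
"""

# Constructed advisory feed; IDs and packages are fictional placeholders.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "exampleparser",
     "affected": ">=1.0.0,<1.3.2", "fixed": "1.3.2"},
    {"id": "EXAMPLE-0002", "package": "example-http",
     "affected": "<2.0.0", "fixed": "2.0.0"},
    {"id": "EXAMPLE-0003", "package": "example-crypto",
     "affected": "<1.0.0", "fixed": "1.0.0"},
]


def normalize_name(name: str) -> str:
    """PEP 503 normalisation so 'Example_Parser' and 'example-parser' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Version:
    """Dotted numeric versions only (e.g. 1.3.0); pre-release tags are out of scope."""
    return tuple(int(part) for part in text.strip().split("."))


def _compare(a: Version, b: Version) -> int:
    """Three-way compare after zero-padding so 1.3 == 1.3.0."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)


_OPS = {
    "<": lambda c: c < 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, ">=": lambda c: c >= 0,
    "==": lambda c: c == 0, "!=": lambda c: c != 0,
}


def matches(version: str, spec: str) -> bool:
    """True if version satisfies every comma-separated comparator in spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _OPS[m.group(1)](_compare(v, parse_version(m.group(2)))):
            return False
    return True


_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|>|<)?\s*([\d.]+)?")


def parse_requirements(text: str) -> List[Dict[str, str]]:
    """Build the component inventory: one entry per dependency line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line or line.startswith("-"):  # skip blanks and pip options (-r, --hash)
            continue
        m = _REQ_LINE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        entries.append({"name": normalize_name(name), "op": op or "", "version": ver or ""})
    return entries


def scan(requirements_text: str, advisories: List[Dict[str, str]]) -> Dict[str, list]:
    """Join the inventory against the advisory feed.

    Pinned (==) components are checked exactly; anything else is reported as
    unpinned, because a version that is not fixed cannot be assessed."""
    by_package: Dict[str, List[Dict[str, str]]] = {}
    for adv in advisories:
        by_package.setdefault(normalize_name(adv["package"]), []).append(adv)
    findings, unpinned = [], []
    for comp in parse_requirements(requirements_text):
        if comp["op"] != "==":
            unpinned.append(comp["name"])
            continue
        for adv in by_package.get(comp["name"], []):
            if matches(comp["version"], adv["affected"]):
                findings.append({"id": adv["id"], "package": comp["name"],
                                 "installed": comp["version"], "fixed": adv["fixed"]})
    return {"findings": findings, "unpinned": unpinned}


if __name__ == "__main__":
    report = scan(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)
    for f in report["findings"]:
        print(f"{f['id']}: {f['package']} {f['installed']} affected, fixed in {f['fixed']}")
    for name in report["unpinned"]:
        print(f"unpinned: {name} (pin it so it can be assessed)")
```

The unpinned case is the one practitioners most often miss: a range such as `>=0.9` resolves to a different version on every install, so the scanner can neither clear nor flag it and has to report the manifest itself as the problem.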
Malicious campaigns targeting code used by developers of AI applications underscore the need to develop comprehensive risk-based programs around software dependencies and components. Widespread flaws ...
The supply chain plays a curious role in the modern enterprise. We know it’s important, and understand how, in a global economy with components coming from all kinds of places, it’s incredibly ...
One often-overlooked aspect of software development is how much programmers rely on open source libraries and packages for prewritten functions. Instead of writing code from scratch, or even copying ...