GitHub has updated its security alerts feature this week to support Python projects, after previously supporting JavaScript and Ruby. The feature, which launched last November, works by analyzing a ...
The vast majority of security vulnerabilities in open-source projects reside in indirect dependencies rather than in components that a project loads directly. "Aggregating the numbers from all ...
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package Analysis Project is one of the software supply ...
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Open source components aimed at connecting applications to cloud resources and those written in Python have jumped up the list of critical packages, according to the latest rankings of the open source ...
More than three-quarters of applications written in Java and .NET have at least one vulnerability from the OWASP Top 10, a list of software weaknesses that developers typically use as a baseline for ...