The open-source ecosystem is being overrun by malicious packages, a new report from Sonatype finds.

The vulns would allow attackers to run any commands on targeted computers without user knowledge. But it would take a lot of work to get to that…

The volunteers that maintain open-source software have always been knocked around by the tech community. The Jia Tan hack made it all so much worse.

The Biden administration is looking to understand just how widespread open-source software is in critical infrastructure.

The OpenSSH bug represents the latest high-profile vulnerability to affect the open-source software ecosystem.

A report from Binarly finds that a silently patched bug in a popular web server will likely live on in several major end-of-life products.

An operation to undermine the software utility XZ Utils has exposed the fragile human foundations on which the modern internet is built.

The effort is aimed at reducing one of the most common vulnerabilities that plague software.

End-of-year report highlights work from Open-Source Software Security Initiative and targets going forward.

Cybersecurity officials also issued new guidance on open source software through secure-by-design practices.