SiliconANGLE

Coverity Security Report: Open source projects severely in need security programs

In today’s IT environments, security has become a major concern. Despite recent reports of software vulnerabilities in open source code, including Shellshock, the OpenSSL Heartbleed and GoToFail, ...
ZDNet

Open-source security: Zip Slip critical flaw hits thousands of projects. Update now

Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle ...
Dark Reading

How Hackers Infiltrate Open Source Projects

The open source software that the vast majority of organizations include in their critical applications is vulnerable to exploitation from threat actors taking part in its creation. That's the message ...
ZDNet

Microsoft: Application Inspector is now open source, so use it to test code security

Microsoft has released the Microsoft Application Inspector, a cross-platform open-source command-line tool that its engineers use to quickly probe third-party open-source software components for ...
InfoQ

Matt Tesauro on OWASP Web Testing Environment (WTE) Project

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Jinsong Yu shares deep architectural insights ...
CNET

IBM donates code to open-source project

Software consortium Eclipse says Big Blue's contribution will form the basis of its Visual Editor Project. But Java steward Sun is not yet ready to join the effort. Martin LaMonica is a senior writer ...
InfoWorld

How to upstream code to open source projects

Upstreaming can improve your code, simplify development, and lighten your maintenance burden. Follow these best practices when donating code and reap the benefits. Code commonly flows downstream, from ...