Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

You're currently following this author! Want to unfollow? Unsubscribe via the link in your email. Follow Rosalie Chan Every time Rosalie publishes a story, you’ll get an alert straight to your inbox!

Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the ...

Microsoft will soon control more of the open source software development ecosystem. GitHub, which Microsoft bought in 2018, said Monday that it will acquire NPM, which offers a crucial service for ...

Open source repositories are critical to running and writing modern applications, but beware — carelessness could detonate mines and inject backdoors and vulnerabilities in software infrastructures.

Open-source software components now often comprise at least 80 percent of modern software applications, according to the best available estimate. They run the web servers that allow you to read this ...

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...

The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious ...

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar ...