News
Vulnerabilities in open source software can take an average of over four years to be spotted, an area the security community needs to address, researchers say.
The combination of open-source software with artificial intelligence is opening up new possibilities for custom software ...
Hidden dependencies and social engineering attacks can contribute to the insecure use of open-source software in 2025.
For years, developers of free, open-source software have been telling anyone who will listen that their projects need better financial assistance and more oversight. Now, after a number of ...
The nation’s cyber defense agency wants to play a key role in hardening the broader open source software security ecosystem.
In the months since, the Cybersecurity and Infrastructure Security Agency has promoted the use of a software bill of materials as a step to secure open-source software.
How safe is that open-source software in the Git library, the one with the questionable history? Scorecard 2.0 can quickly tell you just how secure, or not, it really is.
One year after the Log4j disaster, open source community efforts and new developer toolchains are addressing the challenges of software supply chain security.
The Office of the National Cyber Director wants software providers to "contribute back to the security of the open source software they depend upon." ...
The SolarWinds & Log4j hacks showed open source vulnerabilities. A study looks at the open source community’s efforts to “credit-rate” risk.
U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, have introduced bipartisan legislation to help protect ...