Endor Labs today released The 2024 Dependency Management Report, which consolidates extensive original and third-party research into the current state of security in the software dependency lifecycle ...
The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies. The Open Source Security Foundation (OpenSSF) has released ...
Virtually every application today relies on dozens — and sometimes hundreds — of open-source components. Many of those get updated at a rapid clip in order to introduce new features and to fix ...
Modern software runs on open source. In fact, “free” and open source software generates more than $500 billion in annual value in the U.S. alone and an estimated $8.8 trillion in total global value.
The latest trends and issues around the use of open source software in the enterprise. Sonatype describes itself as the company that scales DevOps through open source governance and software supply ...
The idea of a lone programmer relying on their own genius and technical acumen to create the next great piece of software was always a stretch. Today it is more of a myth than ever. Competitive market ...
Europe’s tech ambitions face a choice. One could lead to global influence through open source collaboration. The other risks creating regional walls that weaken everyone. When I sat down with Gabriele ...
Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Attackers can take advantage of this ...