SEARCH
Archive
Carefully Crafted Campaign Led to XZ Utils Backdoor
The person or people that implanted malicious code into XZ Utils put time and effort into building trust in the open source software ecosystem.
Red Hat, CISA Warn of XZ Utils Backdoor
The malicious code (which is being tracked as CVE-2024-3094) is embedded in XZ Utils versions 5.6.0 and 5.6.1, and may allow unauthorized access to impacted systems.
Tech Leaders, Federal Officials Seek a Way Forward for Open Source Security
White House officials and leaders from Apple, Google, GitHub, and other companies met to discuss ways to improve the security of open source projects critical to national security.
Securing the Open Source Software Supply Chain
Improving the security of the open source software supply chain will require better understanding of dependencies, and cooperation from developers and users.
Keeping Dependencies Straight in the Software Supply Chain
The nature of modern software development is that development teams have to rely on "blind trust" for some of the code components written by someone else. A new attack method showed how build systems could be tricked into pulling code from the wrong projects.