Yahoo Finance

Introducing Chainguard Libraries: Guarded Java Language Dependencies Built from Source

New product line provides a catalog of the 20,000 most popular Java projects with end-to-end integrity, furthering Chainguard's mission to be the safe source for open source "Developers need a better ...
Dark Reading

The Log4j Flaw Will Take Years to Be Fully Addressed

More than 80% of Java packages affected by the vulnerability in the Apache Log4j library cannot be updated directly and will require coordination between different project teams to address the flaw. A ...
ZDNet

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain. The challenge ...
CSOonline

Dependencies in LLM packages open apps to vulnerabilities: Report

Open-source packages with large language model (LLM) capabilities have many dependencies that make calls to security-sensitive APIs, according to a new Endor Labs report. As applications increasingly ...
Dark Reading

Open Source Software Projects Up Their Security Game but Face More Attacks

Open source software projects - the underpinnings of the global software ecosystem - are getting better at more quickly updating vulnerable dependencies, but at the same time they face more ...