Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

How AI and politics hampered the secure open-source software movement

In November 2021, a zero-day vulnerability in a ubiquitous piece of open-source code stunned the technology industry and set ...
ZDNet

Canonical's OpenJDK builds promise Java devs more speed - and a whopping 12 years of ...

With Ubuntu Pro, Canonical's OpenJDK build includes 12 years of support. 'Chiseled' builds are faster, more secure than other OpenJDK builds. Canonical is aligning Ubuntu's and OpenJDK's release ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...