TechCrunch

DeepSeek to open source parts of online services code

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week. DeepSeek will open source five code repositories that have been ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
TechRepublic

Top 10 open-source security and operational risks of 2023

Top 10 open-source security and operational risks of 2023 Your email has been sent Many software companies rely on open-source code but lack consistency in how they measure and handle risks and ...
Ars Technica

PyPI halted new users and projects while it fended off supply-chain attack

PyPI, a vital repository for open source developers, temporarily halted new project creation and new user registration following an onslaught of package uploads that executed malicious code on any ...
TechRepublic

Best GitHub Alternatives for Developers

GitHub is a popular version control and collaboration platform with a large, loyal following that helps software developers manage their code efficiently. While GitHub excels in many areas, such as ...
CSOonline

NIST provides solid guidance on software supply chain security in DevSecOps

Key recommendations from the NIST’s latest guidance and why they are relevant to modern organizations developing and delivering software. Software supply chain (SSC) attacks continue to be one of the ...