SiliconANGLE

New repository aims to illuminate open-source package vulnerabilities and malicious code

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be ...
TechCrunch

Google’s Cloud Source Repositories gets better search tools

Google today announced an update to Cloud Source Repositories, its recently relaunched Git-based source code repository, that brings a significantly better search experience to the service. This new ...
Ars Technica

Using repositories vs complie from source

I've been learning two methods for installing applications in Linux, compile from source, or install using a repository. The second method is much easier but I wonder what is really the suggested ...
CSOonline

Dependency confusion explained: Another risk when using open-source repositories

Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Attackers can take advantage of this ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
Computerworld

Should open-source repositories block nations under U.S. sanctions?

Arabcrunch has accused major open-source repository SourceForge of blocking all access to software projects it hosts for anyone in Syria, Sudan, Iran, North Korea and Cuba. Not surprisingly, this ...