Open source is not insecure

Open source is not insecure

Frank Crane wasn’t talking about open source when he famously said, “You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.”But that’s a great way to summarize today’s gap between how open source is actually being consumed,...
Open source is not insecure

Feds seek attestation on secure software

The US federal government has released a software attestation form intended to ensure that software producers partnering with the government leverage minimum secure development techniques and tool sets.The form was announced March 11 by the Department of Homeland...
Open source is not insecure

Biden executive order protects personal data

President Joseph Biden has issued an executive order intended to protect Americans’ sensitive personal data from exploitation from countries of concern including China, Russa, Iran, and North Korea.Issued February 28, the order authorizes the attorney general to...
Open source is not insecure

GitHub rolls out push protection on public repos

GitHub has begun rolling out push protection for all of its users, a secrets scanning feature that gives users the option to remove secrets from commits or bypass a block.The policy, announced February 29, affects supported secrets. It might take one to two weeks for...
Open source is not insecure

Why passkeys will replace passwords

With the growth of sophisticated attacks against critical software and infrastructure systems, multi-factor authentication (MFA) has emerged as a critical layer of defense against unauthorized access. An increasing number of enterprise and developer-facing technology...