LinuxInsider

Is a Security Baseline Enough for Open-Source Software?

In February, The Linux Foundation’s Open Source Security Foundation (OpenSSF) initiated the Open Source Project Security Baseline (OSPS Baseline) to establish minimum security requirements for ...
SDxCentral

CNCF accepts Kubescape as inaugural open source security scanner

Armo's open source security project Kubescape is now part of the Cloud Native Computing Foundation's (CNCF) sandbox in an attempt to "become that free, open source, end-to-end security platform," ...
Ars Technica

Open source project curl is sick of users submitting “AI slop” vulnerabilities

“A threshold has been reached. We are effectively being DDoSed. If we could, we would charge them for this waste of our time,” wrote Daniel Stenberg, original author and lead of the curl project, on ...
Dark Reading

DARPA: Closing the Open Source Security Gap With AI

Open source components continue to cause huge problems for security practitioners, and AIxCC was created to determine whether automation could help close the gap. At DEF CON 33, DARPA announced the ...
InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...