Vulnerabilities go unnoticed by users of open-source software far too often
Every year, Sonatype takes a close look at the software supply chain. In this year's State of the Software Supply Chain report, its researchers report a sharp rise in the number of malicious packages discovered compared with previous years. At the same time, for known vulnerabilities a fixed version is almost always already available. Sonatype also foun...
Germany will ban 5G components from Huawei and ZTE
The move is not due to the threat of espionage, but rather to avoid "dependency"
Following the lead of the US and the UK, the German government is now also planning to forbid telecoms operators from using certain components from the Chinese companies Huawei and ZTE in their 5G networks, according to ...
Ethical hacker cracks software from Apple and Microsoft
A security researcher has found a problem with the way many programming languages' package managers resolve dependencies. By publishing new public packages under the same names that companies use for their internal packages, he got the package managers to fetch his public versions instead, and so managed to add his own code to the companies' software.
In his blog, researcher Alex Birsan writes that ...
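As an added illustration of the mechanism described above (this is not code from Birsan's post, nor from any of the affected companies), the Python below models a package resolver that is pointed at both a private registry and the public one. All registry contents, package names and the "acme-" namespace are constructed sample data, and the per-namespace source policy is a hypothetical hardening rather than any particular package manager's option. `resolve_naive` merges both sources and takes the highest version, which is how a public upload with an internal name and an inflated version number wins (pip behaves this way when given `--extra-index-url`); `resolve_scoped` consults exactly one registry per name. `audit_manifest` is the check a team would run over its own dependency list to find names that already exist in both places.

```python
"""Dependency confusion, modelled as a resolver policy problem.

All registry contents, package names and versions are constructed sample data;
the registry and package names are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]
Registry = Dict[str, List[Version]]  # package name -> published versions


@dataclass(frozen=True)
class Candidate:
    name: str
    version: Version
    source: str  # which registry served it


def parse_version(text: str) -> Version:
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def candidates(name: str, registries: Dict[str, Registry]) -> List[Candidate]:
    """Every published version of `name`, across every configured registry."""
    return [
        Candidate(name, version, source)
        for source, registry in registries.items()
        for version in registry.get(name, [])
    ]


def resolve_naive(name: str, registries: Dict[str, Registry]) -> Optional[Candidate]:
    """Merge all registries and take the highest version, whoever published it.

    This is the behaviour that dependency confusion abuses: a public package
    with the internal name and a large version number beats the private one.
    """
    found = candidates(name, registries)
    return max(found, key=lambda c: c.version) if found else None


def resolve_scoped(name: str, registries: Dict[str, Registry],
                   source_policy: Dict[str, str], default_source: str) -> Optional[Candidate]:
    """Consult exactly one registry per package, chosen by a name-prefix policy.

    Packages matching a policy prefix may only come from the registry it names;
    anything else comes from `default_source`. A public clone of an internal
    name is therefore never a candidate at all.
    """
    allowed = default_source
    for prefix, source in source_policy.items():
        if name.startswith(prefix):
            allowed = source
            break
    found = candidates(name, {allowed: registries[allowed]})
    return max(found, key=lambda c: c.version) if found else None


def audit_manifest(dependencies: List[str], private: Registry, public: Registry) -> List[str]:
    """Names present in the private registry AND on the public one.

    These are the packages a naive resolver could silently swap for the public
    copy; in practice the public side would be the real registry, not a dict.
    """
    return sorted(d for d in dependencies if d in private and d in public)


# --- constructed sample data (hypothetical names) ---------------------------
PRIVATE: Registry = {
    "acme-internal-utils": [parse_version("1.2.0"), parse_version("1.3.0")],
    "acme-billing-client": [parse_version("0.9.1")],
}
PUBLIC: Registry = {
    "requests": [parse_version("2.31.0")],
    # the attacker's upload: same name as the internal package, absurd version
    "acme-internal-utils": [parse_version("99.0.0")],
}
REGISTRIES: Dict[str, Registry] = {"private": PRIVATE, "public": PUBLIC}
MANIFEST = ["acme-internal-utils", "acme-billing-client", "requests"]
# hypothetical policy: only the private registry may serve the company namespace
POLICY = {"acme-": "private"}


def fmt(c: Candidate) -> str:
    return f"{c.source}:{'.'.join(map(str, c.version))}"


def demo() -> Dict[str, str]:
    """Resolve the manifest both ways; returns {package: 'naive=... scoped=...'}."""
    out = {}
    for dep in MANIFEST:
        naive = resolve_naive(dep, REGISTRIES)
        scoped = resolve_scoped(dep, REGISTRIES, POLICY, default_source="public")
        out[dep] = f"naive={fmt(naive)} scoped={fmt(scoped)}"
    return out


if __name__ == "__main__":
    for dep, line in demo().items():
        print(f"{dep:22} {line}")
    print("at risk:", audit_manifest(MANIFEST, PRIVATE, PUBLIC))
```

Running it shows `acme-internal-utils` resolving to `public:99.0.0` under the naive rule and to `private:1.3.0` under the scoped rule, while `requests` and `acme-billing-client` resolve identically either way. The practical lessons are the ones the model encodes: do not let a client merge a private index with the public one on equal footing, reserve a namespace (or scope) for internal packages, and pre-register or monitor internal names on the public registries you depend on.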