LinuxInsider

Is a Security Baseline Enough for Open-Source Software?

In February, The Linux Foundation’s Open Source Security Foundation (OpenSSF) initiated the Open Source Project Security Baseline (OSPS Baseline) to establish minimum security requirements for ...
CSOonline

Open Source

Caught before it could do widespread damage, the sophisticated vulnerability could have been one of the highest-impact software supply chain breaches to date.
The Hacker News

The State of Trusted Open Source

Analysis shows most security risk sits in longtail open source images, with 98% of CVEs outside top projects & Critical flaws ...
Morningstar

Malware Targeting Developers Reaches 845K Packages According to Sonatype Open Source Malware Index

Fulton, Md., July 08, 2025 (GLOBE NEWSWIRE) -- Sonatype ®, the end-to-end software supply chain security company, today released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 ...
SDxCentral

CNCF Accepts Kubescape as Inaugural Open Source Security Scanner

Armo's open source security project Kubescape is now part of the Cloud Native Computing Foundation's (CNCF) sandbox in an attempt to "become that free, open source, end-to-end security platform," ...
Security Boulevard

The Myth of Linux Invincibility: Why Automated Patch Management is Key to Securing the Open Source Enterprise

Users and developers have hailed Linux as the operating system that "just works," celebrating it for decades as a symbol of open source strength, speed, ...