Open-source vulnerability management architecture
How to manage vulnerabilities when developing or using open-source software.
16 articles
How the AI boom and increasing reliance on open-source components are piling up corporate security debt — and what you can actually do about it.
In 2025, just as in the year prior, supply-chain attacks remained one of the most severe threats facing organizations. We’re breaking down last year’s most noteworthy incidents.
How open-source security solutions became the starting point for a massive attack on other popular applications, and what organizations that use them should do.
This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.
How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.
While open-source projects let you build almost any infosec solution, it’s crucial to realistically assess your team’s resources and the time it would take to achieve your goals.
We discovered over 200 repositories with fake projects on GitHub. Using them, attackers distribute stealers, clippers, and backdoors.
Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.
Can you catch malware by downloading files from Microsoft’s repositories on GitHub? Turns out, you can. Stay alert!
We take an in-depth look at securing and configuring containerization systems.
Open-source applications require proper implementation and maintenance; otherwise a company could face many threats. We highlight the key risks.
Business is actively moving over to open-source solutions. How can the transition be made successfully, and what are the risks to consider?
A Chaos Communication Congress speaker reflects on whether using open-source hardware can solve trust problems in hardware.
A supply-chain attack against Copay cryptowallets through an open-source library enables bitcoin theft.