A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
For years, software security focused on the final product: the code that ships. Today, attackers are increasingly targeting ...
John Ellis is the President and Head of Product for Codethink, a world-class provider of critical, high-performance software projects. Open-source software is publicly available software developed and ...
Kusari Inspector is now free to CNCF and OpenSSF projects, delivering AI-powered dependency, license and security ...
SARATOGA, Calif.--(BUSINESS WIRE)--Lineaje, the full-lifecycle software supply chain security company, today launched end-to-end capabilities that will fundamentally transform how organizations ...
Opinion: Time and again, I see people begging for companies with deep pockets to fund open source projects. I mean, after all, ...
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
The iconic Winamp media player has fulfilled a promise made in May and released its complete source code on GitHub, inviting developers to collaborate on the project. Winamp is a media player launched ...
The March 2026 ITSAR update suggests that makers of IoT devices like vehicle tracking devices have to provide source code ...
Just like you probably don't grow and grind wheat to make flour for your bread, most software developers don't write every line of code in a new project from scratch. Doing so would be extremely slow ...