Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
InfoWorld

Open source registries signal shift toward paid models as AI strains infrastructure

The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container ...
Developer Tech

XZ attack reveals unlearned open-source security lessons

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
GitHub

Skija: Java bindings for Skia

Skia is an open source 2D graphics library which provides common APIs that work across a variety of hardware and software platforms. custom UI widget libraries and whole toolkits, graphs, diagrams, ...