News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws.
More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.’s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means ...
More than half (52%) of critical open source projects contain code written in a memory-unsafe language, according to a new analysis by the Cybersecurity and Infrastructure Security Agency (CISA) in ...
Some open-source projects, such as Curl, have given up on CVEs entirely. As Daniel Stenberg, leader of Curl, said, "CVSS is dead to us."
Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebases anytime soon.
"I do think [that it's] important to just underscore how prevalent open source is," notes Eng. Gartner data shows that 95% of enterprises use open source code in their internal projects, he says.
Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of ...
The Linux Foundation and OpenSSF project, with backing from Microsoft and Google, aims to improve security of 10,000 open-source projects.
As recently as a few weeks ago, an extortion group known as Lapsus$ was on every security analyst’s lips: they had stolen and leaked source code from some of the biggest tech companies in the world, ...
Open source security trends for 2025: For his work, Hughes defined open source as software for which source code is freely available and can be used to build other projects, possibly with some ...