How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me?

I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical “business logic”. (This could be any other language and the exact same problem would still stand; I’m just stating what I perso…

Is there a standard way to check if a requirements.txt has potential security issues?

Every open code repository has security issues. Attackers can use three ways to sneak malware in:

Abuse typos: Create a package with a similar name, but the package is malware
Malware + useful code: The library actually pro…

Software development analytics platform Sourced launches an enterprise edition

Sourced, or source{d}, as the company styles its name, provides developers and IT departments with deeper analytics into their software development lifecycle. It analyzes codebases, offers data about which APIs are being used and provides general information about developer productivity and other metrics. Today, Sourced is officially launching its Enterprise Edition, which gives IT departments […]

Advancing Open Source Innovation in Cybersecurity

OIN seeks to secure the inclusion of open source in technology without fear of litigation from patent trolls. Due to the convergence of an escalation in the number of security vulnerabilities, an increase in hacker capabilities and tools and new legisl…