CVE Foundation Launched to Secure the Future of the CVE Program

Learn more in our full report: https://www.linuxfoundation.org/research/cra-readiness?hsLang=en
AI security, SBOM tooling, real-world TTX, and more — all in one day.
#CyberSecurity #OpenSourceSecurity
Inside the Silence: The Daemon Watches You #Cybersecurity #HackerMindset #ThreatIntelligence #DigitalSurveillance #PersistentThreats #CyberAwareness #SmallBusinessSecurity #Infosec #CyberThreats #SecurityTips #OPSEC #CyberDefense #AttackSurface #DigitalPrivacy #OpenSourceSecurity #ThreatModeling #CyberProtection #SecurityStrategy #AdversaryEmulation #SecurityAwareness
http://tomsitcafe.com/2025/04/09/%f0%9f%95%b6%ef%b8%8f-inside-the-silence-the-daemon-watches-you/
AI is transforming vulnerability management.
Discover how AI-powered Software Posture Management (SPM) is changing the game for vulnerability detection and remediation. From proactive risk management to smarter decision-making, learn how enterprises can secure their software supply chains with confidence.
Read the blog to explore the future of AI in vulnerability management: https://www.activestate.com/uncategorised/ai-spm-vulnerability-management-detection/
Whispers in the Wire: Cybersecurity for Small Businesses in a World of Big Threats #Cybersecurity #SmallBusinessSecurity #DigitalDefense #ITSecurity #OpSec #CyberHygiene #DataProtection #InfoSec #PhishingAwareness #MFA #Backups #PasswordSecurity #OpenSourceSecurity #RansomwareProtection #DeadSwitch #TomsITCafe #PrivacyMatters #ThreatIntel #CyberResistance #SecureByDesign
This episode of #OpenSourceSecurity talks to @predrag about cargo-semver-checks.
It's a #Rust tool that can help you figure out if you broke #semver; it's pretty awesome.
We also touch on the difficulty of detecting breaking changes, sustainable open source, and what's to come for semver checking
It's a fun chat and you'll learn a lot
https://opensourcesecurity.io/2025/2025-04-cargo-semver-checks-predrag-gruevski/
Microsoft AI Security Copilot Finds Hidden Flaws in GRUB2 and Other Bootloaders
#Cybersecurity #Microsoft #SecurityCopilot #GRUB2 #Uboot #Barebox #AI #OpenSourceSecurity #UEFI #Linux #VulnerabilityResearch
I spoke with @liw on #OpenSourceSecurity about two really cool projects he's working on
Ambient is a distributed CI/CD system written in Rust
@radicle is a distributed Git Forge
It's a really fun chat and I learned a lot
https://opensourcesecurity.io/2025/2025-03-ambient-radicle-lars-wirzenius/
Sophisticated npm Attack Highlights Software Supply Chain Vulnerabilities
#npmattack #softwaresupplychain #cybersecurity #opensourcesecurity #maliciouspackages
I chatted with @firstyear about FIDO authentication on #OpenSourceSecurity, especially the FIDO Metadata Service. I learned a ridiculous amount about U2F, WebAuthn, and FIDO in this conversation
https://opensourcesecurity.io/2025/2025-03-fido_auth_william_brown/
This week on #OpenSourceSecurity I chat with Brian Fox from Sonatype about open source malware
The volume of malware is continuing to grow, and we don't have amazing answers today
The first step is to understand the problem
https://opensourcesecurity.io/2025/2025-03-oss_malware_brian_fox/
This episode of #OpenSourceSecurity talks to Kelley Misata of @suricata
The foundation model behind Suricata is fascinating; the conversation has a ton of lessons on how to run sustainable open source projects.
https://opensourcesecurity.io/2025/2025-03-oss_foundations_kelley_misata/
This episode of #OpenSourceSecurity talks to @sheogorath about forking open source projects.
It's a lot more complicated than you think it is, and Sheogorath has some first hand experience from one of the most complicated forks I've ever seen in HedgeDoc
It's a fun chat filled with lessons
https://opensourcesecurity.io/2025/2025-02-fork_open_source_sheogorath/
On this episode of #OpenSourceSecurity I spoke with Aaron Frost from HeroDevs about patching EOL #OpenSource (nobody is going to do this for free).
This one has a special place in my heart as I did this at Red Hat long ago. It was a fun chat
https://opensourcesecurity.io/2025/2025-02-patching_EOL_OSS_aaron_frost/
On this episode of #OpenSourceSecurity we talk to François Proulx about CI/CD security. Even though many successful supply chain attacks have originated in CI, we keep obsessing over dev and release. Why do we keep ignoring the middle? (TL;DR: it's hard.)
https://opensourcesecurity.io/2025/2025-02-ignoring_ci_security_francois_proulx/
Exciting news from ActiveState! We're proud to launch our market-first Vulnerability-Management-as-a-Service (VMaaS). This innovative offering combines ASPM with Intelligent Remediation to transform how organizations manage open source security. Empower your DevSecOps teams to secure the software supply chain efficiently and effectively.
Discover more about how VMaaS can benefit your organization: https://www.activestate.com/resources/press-releases/activestate-delivers-market-first-vulnerability-management-as-a-service-for-securing-the-open-source-software-supply-chain/
This week on #OpenSourceSecurity I chat with Marc Boorshtein about what modern day Single Sign-On (SSO) looks like. Everyone likes to talk about zero trust, but how does that work? Marc gives us some good real world advice for how we should be adding authentication to our apps and services.
https://opensourcesecurity.io/2025/2025-02-modern_day_authentication_with_marc_boorshtein/
On this episode of #OpenSourceSecurity I chat with Richard (Dick) Brooks about government security requirements.
There's a lot up in the air right now, and at the moment it doesn't seem like it's going to drastically affect open source developers, but it will certainly affect many of us in our day jobs.
Dick has a lot of insight into what exists today and what's coming next.
https://opensourcesecurity.io/2025/01-government_security_requirements_with_dick_brooks/