Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

Chainguard launches trusted collection of verified JavaScript libraries

Chainguard Libraries for JavaScript include builds that are malware-resistant and built from source on SLSA L2 infrastructure ...
MUO on MSN

I use this simple workflow to turn my random web reading into a library I can actually use

Obsidian’s powerful search and tagging functionality is what makes this setup so convenient to use. One way I like to use my ...

Syncfusion restructures Essential Studio into multiple different suites to provide greater flexibility for developers

Syncfusion Essential Studio 2025 Volume 3 features a reorganization of the entire suite, splitting it up into multiple ...
Developer Tech

XZ attack reveals unlearned open-source security lessons

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.