Hidden dependencies and social engineering attacks can contribute to the insecure use of open-source software in 2025.

Veracode says its acquisition of software supply chain security startup Phylum will enhance its capabilities around ...

Package Reputation is an essential capability for organizations seeking to secure their software supply chain. By analyzing ...

A supply chain attack targeting key components of the Ethereum development ecosystem has affected the Nomic Foundation and ...

OSS’s strengths are also its greatest weaknesses. Unlike proprietary software, where the source code is tightly controlled, OSS is publicly available. While this openness fosters innovation, it also ...

Application security company Veracode Inc. today announced that it had acquired certain assets from software supply chain ...

Among the most pressing of these risks is the AI software supply ... exploiting gaps in the AI supply chain. These security vulnerabilities stem not from "lazy" open-source development but from ...

To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools ...

The acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries ... about the acquisition and software supply chain security, contact the Veracode ...

Recently, DevOps professionals were reminded that the software supply chain is rife with ... working to improve the security of software, through community-led open-source projects including ...

Technology Acquisition Delivers Automated Malicious Package Analysis, Detection, and Mitigation in Open-source Code ... the acquisition and software supply chain security, contact the Veracode ...