South Florida Reporter

WordPress.org blog: WP Packages is Working the Way Open Source Should

When WP Engine acquired WPackagist on March 12, the WordPress developer community faced a familiar question: what happens ...
9to5google

Google Cloud launches Cloud Source Repositories beta for developers

When Google Code, Google’s free hosting for open source projects, began shutting down in 2015, the developer community was reasonably upset. Google seems to have taken some of that criticism to heart ...
TMCnet

Chainguard Launches the First Unified Repository for Secure-by-Default Open Source Artifacts

AI coding tools and autonomous agents are generating more code, pulling in more dependencies, and interacting with open source at a scale humans have never seen before," said Dan Lorenc, CEO and ...
SiliconANGLE

New repository aims to illuminate open-source package vulnerabilities and malicious code

The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing cross-ecosystem reports of malicious packages. Claimed to be ...
TechCrunch

Google’s Cloud Source Repositories gets better search tools

Google today announced an update to Cloud Source Repositories, its recently relaunched Git-based source code repository, that brings a significantly better search experience to the service. This new ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
Ars Technica

Using repositories vs complie from source

I've been learning two methods for installing applications in Linux, compile from source, or install using a repository. The second method is much easier but I wonder what is really the suggested ...
SiliconANGLE

Security researcher breaches Apple, Microsoft and others by exploiting open-source repositories

A security researcher has uncovered a security vulnerability that allowed him to run code on internal systems belonging to major companies, including Apple Inc., Microsoft Corp., Netflix Inc., PayPal ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
ZDNet

Open-source repository hits 2,000 apps

An EU platform for exchanging free and open-source code now offers more than 2,000 applications for use by public bodies in the region. The EU Open Source Observatory and Repository (Osor.eu) ...
Computerworld

Should open-source repositories block nations under U.S. sanctions?

Arabcrunch has accused major open-source repository SourceForge of blocking all access to software projects it hosts for anyone in Syria, Sudan, Iran, North Korea and Cuba. Not surprisingly, this ...
Nextgov

Bypassing Procurement Can Introduce Some Unwanted Visitors

The federal IT procurement safety net may be developing some holes. Many federal developers are forgoing traditional software purchasing in favor of going directly to the source and downloading code ...