Not Managing Open Source Opens Door for Hackers April 30, 2019 https://www.infosecurity-magazine.com/news/not-managing-open-source-opens-1/
The Truth About Vulnerabilities in Open Source Code July 18, 2019 https://www.darkreading.com/edge/th...rabilities-in-open-source-code/b/d-id/1335187
Top 5 Open Source Security Risks You Should Know About August 9, 2019 https://www.fromdev.com/2019/08/top-open-source-security-risks.html
The License and Security Risks of Using Node.js Why open source software could make your application open for exploitation August 29, 2019 https://dzone.com/articles/the-license-and-security-risks-of-using-nodejs
Open Source Software Vulnerabilities Increased By 50% In 2019: Report March 13, 2020 https://fossbytes.com/open-source-vulnerabilities-increased-50-percent-2019/ WhiteSource: The state of open source vulnerabilities 2020
70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs May 25, 2020 https://threatpost.com/70-of-apps-open-source-bugs/156040/ Veracode: State of Software Security: Open Source Edition (PDF): https://www.veracode.com/sites/default/files/pdf/resources/reports/state-of-software-security-open-source-edition-veracode-report.pdf
Vulnerabilities in popular open source projects doubled in 2019 June 8, 2020 https://www.zdnet.com/article/vulnerabilities-in-popular-open-source-projects-doubled-in-2019/ RiskSense: Open Source Software Security Vulnerabilities Doubled in 2019 According to RiskSense Spotlight Report
Open Source Security Issues Exist: Deal With Them, Report Urges June 25, 2020 https://www.technewsworld.com/story...-Exist-Deal-With-Them-Report-Urges-86729.html Information Security Forum (ISF): Cybersecurity 2020: challenges and threats to be aware of
Open Source Security's Top Threat and What To Do About It September 14, 2020 https://www.darkreading.com/risk/op...threat-and-what-to-do-about-it/a/d-id/1338857 Synopsys: 2020 Open Source Security and Risk Analysis (OSSRA) Report (PDF - 1.99 MB): https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/2020-ossra-report.pdf
Open source vulnerabilities go undetected for over four years December 3, 2020 https://www.helpnetsecurity.com/2020/12/03/open-source-vulnerabilities/ Octoverse report
Unmanaged open-source software is putting businesses at risk Most open-source code comes with known vulnerabilities, a new report argues December 9, 2020 https://www.itproportal.com/news/unmanaged-open-source-software-is-putting-businesses-at-risk/ Synopsys: Six key findings from the ‘DevSecOps Practices and Open Source Management in 2020’ report
Most Developers Never Update Third-Party Libraries in Their Software: Report June 22, 2021 https://www.securityweek.com/most-d...e-third-party-libraries-their-software-report Veracode: State of Software Security v11: Open Source Edition
Several Bugs Found in 3 Open-Source Software Used by Several Businesses July 27, 2021 https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html Rapid7: Multiple Open Source Web App Vulnerabilities Fixed
GitLab’s open source Package Hunter detects malicious code in dependencies August 2, 2021 https://venturebeat.com/2021/08/02/...unter-detects-malicious-code-in-dependencies/
5 Security Measures For Open Source Based Apps OS-based applications aren’t inherently risky and can be totally secure if you know what to do August 4, 2021 https://dzone.com/articles/security-measures-for-open-source-based-apps
Dependency Combobulator: Open source toolkit to combat dependency confusion attacks November 10, 2021 https://www.helpnetsecurity.com/2021/11/10/dependency-combobulator-open-source-toolkit/
Researchers Find Security Flaw in JsonWebToken Library Used By 20,000+ Projects By Alessandro Mascellino @a_mascellino - January 10, 2023 Palo Alto Networks - Unit42: Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529)