It can take an average of over four years for vulnerabilities in open source software to be spotted, a problem the security community needs to address, researchers say.
According to GitHub’s annual State of the Octoverse report, published on Wednesday, reliance on open source projects, components, and libraries is more common than ever.
Over the course of 2020, GitHub tallied over 56 million developers on the platform, with over 60 million new repositories created and over 1.9 billion contributions added.
“You would be hard-pressed to find a scenario where your data does not pass through at least one open source component,” GitHub says. “Many of the services and technology we all rely on, from banking to healthcare, also rely on open source software. The artifacts of open source code serve as critical infrastructure for much of the global
OPA-Based architecture eases governance across multiple cloud native technologies
From KubeCon + CloudNativeCon North America – Accurics, the cloud cyber resilience specialist, today announced that Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code (IaC), has been extended to support Helm and Kustomize, both projects from the Cloud Native Computing Foundation (CNCF) that have gained immense popularity. This enables organizations to ensure applications on Kubernetes clusters are secure and compliant before they are deployed.
“Given the increasing scale and velocity of cloud breaches, organizations need policy guardrails to ensure that cloud native infrastructure is securely defined and managed,” said Cesar Rodriguez, creator of Terrascan and head of Developer Advocacy at Accurics. “Now, with the additional support for Helm and Kustomize, teams using Terrascan to programmatically establish Policy as Code guardrails in their high-velocity, component-based Kubernetes projects have a way to reduce security
Amid the COVID-19 pandemic, many retailers have adjusted their hours of operation and introduced safety measures, such as requiring masks to be worn and limiting capacity. Call your local store or visit their website for more information before traveling to the venue.
Below are the Veterans Day store hours for some major retailers across the country.
Most Target stores are open on Veterans Day. Opening hours vary depending on the branch but typically range from 8 a.m. to 10 p.m., seven days a week.
The retailer is offering all U.S. active-duty military personnel, veterans
Zug, Switzerland, Nov. 09, 2020 (GLOBE NEWSWIRE) — CorionX, the project that is revolutionizing and facilitating the adoption of DeFi and stablecoins with its #MoneyInTheRightDirection movement, is soon going to set a major milestone in its lifecycle. Its CORX token is going to be listed on two major Decentralized Exchanges (DEXes), namely Tokenizer and Uniswap, which will fulfill a long-pending demand of its community to trade the token freely, conveniently, and reliably on DEXes. In order to facilitate this, CorionX is bringing an Initial DEX Offering (IDO) through Tokenizer. That IDO will open before the 16th of November, which is the date set for the listing of the CORX token on Probit Exchange. After the IDO, the CORX token will be listed on Tokenizer, Uniswap, and Probit exchanges around the same time. Funds raised through the IDO will be used for development purposes and for providing the much-needed liquidity. In
KDDI, Rakuten Mobile and Vodafone are elected to the O-RAN ALLIANCE Board of Directors
Newly released technical specifications enrich the standards for developing O-RAN networks
O-RAN Security Task Group addresses the security aspects of open RAN
O-RAN Virtual Exhibition Provides Insights on Companies Progressing with their O-RAN Implementations
The O-RAN ALLIANCE concluded its first two years of successful operation, delivering major progress in standardizing open and intelligent Radio Access Networks (RAN).
Welcoming Rakuten Mobile as its new operator member, the O-RAN ALLIANCE now represents the leadership of 27 major carriers joining forces towards making the RAN industry truly open, intelligent, virtualized and fully interoperable. With strong support of contributors and academic contributors, O-RAN now has over 230 companies driving the definition and realization of O-RAN technology.
At its Annual General Meeting held on October 27, 2020, the O-RAN ALLIANCE Members have elected the Board of Directors for the upcoming 2-year
Without releasing a single game, Apple is one of the largest gaming companies in the world, simply by taking a cut of all transactions on its ubiquitous platform, the iPhone.
But what kicked off as a skirmish months ago when Apple banned Microsoft’s xCloud iOS app offering access to games outside its App Store has evolved into a legal war with Epic Games over its popular battle royale, Fortnite, and a fight to maintain its generous slice of the entire industry — one that has caught the attention of regulators in the U.S. and the European Union.
In a preliminary injunction hearing between Epic Games and Apple on September 28, Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California recommended that Apple and Epic Games consider a trial by public jury. Ultimately, Epic and Apple agreed that Epic’s claims and Apple’s counterclaims should
BRUSSELS (Reuters) – Dominant tech companies will have to explain how their algorithms work under proposed new EU rules and also open up their ad archives to regulators and researchers, Europe’s digital and antitrust chief said on Friday.
The move is likely to impact U.S. online giants such as Alphabet unit Google, Amazon, Apple and Facebook, with their treasure troves of data and lucrative online advertising businesses.
Advertising algorithms help companies target ads at the users that advertisers want to reach.
European Competition Commissioner Margrethe Vestager said the goal was to shed light on how these algorithms work and to make sure that companies are accountable for their decisions.
“And the biggest platforms would have to provide more information on the way their algorithms work, when regulators ask for it,” she told an event organised by research agency AlgorithmWatch and the European Policy Centre.
New training courses will help DevOps professionals learn how to develop secure software and keep the open source ecosystem secure.
Open Source Security Foundation (OpenSSF), hosted at the Linux Foundation, announced on Thursday that it is offering free training for developing secure software as well as adding a new certification and providing program and technical initiatives.
OpenSSF is a cross-industry collaboration to secure the open source ecosystem. Open source software is available across all industries and making sure it is secure is more important than ever before.
Three courses available on how to develop secure software
There are three free courses created by OpenSSF on how to develop secure software on the non-profit edX learning platform. The courses will teach DevOps professionals how to develop secure software while reducing damage and increasing response speed when a vulnerability is found.
EDINBURGH, Scotland, Oct. 29, 2020 — Codeplay Software Ltd, leaders in enabling acceleration technologies, announced today that software developers working on HPC and AI for embedded systems will be able to take advantage of industry defined open standards from The Khronos Group on RISC-V architectures, thanks to Japan’s New Energy and Industrial Technology Development Organisation (“NEDO”) project in which NSITEXE and Kyoto Microcomputer Co., Ltd. (“KMC”) are participating.
NSITEXE and KMC have ordered an implementation of LLVM for RISC-V Vector Extension Processor (“RVV”), and also Codeplay’s ComputeAorta and ComputeCpp, efficient and high performance implementations of OpenCL and SYCL open standards. In the NEDO project, as research, NSITEXE develops OpenCL and SYCL compilers from LLVM to utilize RVV, and KMC implements vector syntax to utilize RVV efficiently based on LLVM and Clang. These research developments will contribute to the RISC-V community to support open-standard technologies.