KEV catalog missing 88 percent of exploits
New research from Miggo Security suggests that CISA’s Known Exploited Vulnerabilities (KEV) catalog now reflects only a small slice of real-world exploit risk in open source, and it raises questions about how the industry should be using KEV going forward.
Using open source code speeds innovation but expands the attack surface with every imported library and dependency. The result is a growing catalog of vulnerabilities, each one a potential entry point for attackers.
Microsoft open sources Infocom’s Zork trilogy
Microsoft, in conjunction with Activision, Team Xbox, and its Open Source Programs Office, has announced plans to open source some of Infocom’s most iconic interactive fiction. Zork I, Zork II, and Zork III will be released under the MIT License, placing the code for one of the most recognisable early computer game series into accessible public repositories. As someone who spent many hours playing the Zork trilogy (and other Infocom games) over the years, this is fantastic news.
Developers, students, and researchers will be able to examine the structure of the original titles directly rather than relying on secondary documentation or archived binaries. It will also provide a clearer view of how Infocom’s early work was built, maintained, and adapted across platforms.
Red Hat announces Project Hummingbird to boost cloud-native development
Today’s IT leaders frequently face a critical trade-off between delivery speed and systems security. AI-assisted and AI-generated coding tools accelerate development cycles, but that speed can run counter to the realities of managing complex, many-layered software components.
This seemingly leaves CIOs with two choices: move at the speed of business while accepting some risk to production systems, or be so cautious that they lose out to competitors’ innovations.
OpenUK and UKRI collaborate on sustainable open source software for the UK public sector
OpenUK has announced plans to collaborate with UK Research and Innovation (UKRI) to shape new recommendations for sustainable software development across the UK public sector. The work will improve how government and public bodies create, release, and maintain open source software, and also make sure that software funded through public money can be reused and improved long term.
The collaboration focuses on practical implementation as much as policy. OpenUK describes the initiative as an effort to move from goal-setting to action -- so that open source development and reuse become a central part of how the UK public sector approaches digital transformation.
Open source malware up 140 percent
The latest Open Source Malware Index from Sonatype shows a 140 percent surge in open source malware as attackers target data and trusted dependencies.
The index is compiled from analysis of 34,319 open source malware packages discovered by Sonatype across major open source registries, including npm, PyPI and Hugging Face. This quarter’s count brings the total number of malicious packages Sonatype has discovered since 2019 to 877,522.
Google builds new AI agent to improve code security
Google has released information on a new AI-powered agent that automatically improves code security by fixing critical software vulnerabilities.
CodeMender has been built over the past six months, and the company has already upstreamed 72 security fixes to open source projects, including projects as large as 4.5 million lines of code.
Securing Kubernetes in the enterprise [Q&A]
As more organizations scale up containerized workloads they’re also facing increasing security and compliance challenges.
We spoke to Kim McMahon, part of the leadership team at Sidero Labs, about the vulnerabilities enterprises are encountering when scaling up Kubernetes on traditional operating systems and what they can do to counter them.
New fully open and transparent large language model launches -- it’s Swiss, of course
The Swiss have something of a reputation for being methodical -- particularly when it comes to things like banking -- so it’s no surprise that they take a similar approach to creating a large language model.
EPFL, ETH Zurich and the Swiss National Supercomputing Centre (CSCS) have today released Apertus, a large-scale, open, multilingual LLM. The name -- Latin for ‘open’ -- highlights its distinctive feature: the entire development process, including its architecture, model weights, and training data and recipes, is openly accessible and fully documented.
Linux Foundation warns Europe risks falling behind without stronger open source strategy
The Linux Foundation has released the 2025 World of Open Source Europe Report, describing open source as a strategic advantage for Europe but warning that a lack of cohesive strategy, leadership buy-in, and policy alignment could hold the continent back. The report, presented at the Open Source Summit Europe, draws on insights from more than 300 IT leaders.
The report found that open source is not just widely adopted but has become essential to Europe’s digital sovereignty. Despite this, the study warns that without deeper investment, stronger executive commitment, and policy frameworks that encourage innovation, Europe risks falling short of its potential to lead in global open innovation.
xAI makes Grok 2.5 open source and plans the same for Grok 3
Microsoft says that it will make WinUI ‘truly’ open source
Microsoft has announced plans for “truly open sourcing” WinUI, the user interface framework embedded in Windows. Although no specific timeframe has been given, the company says it is “actively working toward it”.
Pointing out that making the WinUI repository open source is not a “flip-the-switch moment” but a “deliberate process”, Microsoft lead software engineer Beth Pan says that its complexity is part of the reason Microsoft is unwilling to commit to a specific end date for any particular milestone.
Free tool uncovers API vulnerabilities
According to Verizon’s 2025 Data Breach Investigations Report, API-related breaches have increased nearly 40 percent year-on-year, with broken authorization cited as one of the most exploited flaws.
Now Intruder, an attack surface management vendor, has launched Autoswagger -- a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities: it reads the published API description, enumerates the operations it declares, and checks whether endpoints that are supposed to require credentials still answer without them.
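The core check such a scanner performs can be shown in a few dozen lines. The example below is added here and is not Autoswagger’s own code (Intruder’s implementation is not described on this page): it walks a constructed OpenAPI 3 document, replaces path parameters with sample values, sends each operation that declares a `security` requirement with no credentials, and flags any that answer 2xx with a body. The `SPEC` document, the `fake_backend` function standing in for the HTTP transport, and the `Finding` verdict names are all constructed for this example; a real scan would pass a function that performs actual HTTP requests in place of `fake_backend`.

```python
"""Broken-authorization check over an OpenAPI document (added example).

Technique: for every operation the spec says needs authentication, send the
request WITHOUT credentials. A 2xx answer with a body means the server is not
enforcing the authorization the document promises. The spec and backend below
are constructed for this example; the transport is injected so it runs offline.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed OpenAPI 3 document (only the fields the scan needs).
SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearer": []}],  # global requirement: everything needs a token
    "paths": {
        "/health": {"get": {"security": []}},  # explicitly public (empty list)
        "/users/{id}": {
            "get": {"parameters": [{"name": "id", "in": "path", "schema": {"type": "integer"}}]}
        },
        "/admin/users": {"get": {}},  # inherits the global requirement
        "/users/{id}/tokens": {
            "post": {"parameters": [{"name": "id", "in": "path", "schema": {"type": "integer"}}]}
        },
    },
}

HTTP_METHODS = {"get", "post", "put", "patch", "delete"}

# Transport signature: (method, url, headers) -> (status, body)
Transport = Callable[[str, str, Dict[str, str]], Tuple[int, str]]


@dataclass
class Finding:
    method: str
    path: str
    status: Optional[int]
    verdict: str  # BROKEN_AUTH | PROTECTED | PUBLIC | UNKNOWN


def sample_value(param: dict) -> str:
    """Pick a plausible value for a path parameter from its declared schema type."""
    return "1" if param.get("schema", {}).get("type") == "integer" else "test"


def build_url(path: str, params: List[dict]) -> str:
    """Substitute {name} placeholders so the request hits a concrete resource."""
    for p in params:
        if p.get("in") == "path":
            path = path.replace("{%s}" % p["name"], sample_value(p))
    return path


def requires_auth(spec: dict, op: dict) -> bool:
    """Operation-level `security` overrides the global one; [] means public."""
    return len(op.get("security", spec.get("security", []))) > 0


def scan(spec: dict, send: Transport) -> List[Finding]:
    findings = []
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            if method not in HTTP_METHODS:
                continue
            url = build_url(path, op.get("parameters", []))
            if not requires_auth(spec, op):
                findings.append(Finding(method.upper(), url, None, "PUBLIC"))
                continue
            # The whole test: deliberately send no Authorization header.
            status, body = send(method.upper(), url, {})
            if 200 <= status < 300 and body:
                verdict = "BROKEN_AUTH"
            elif status in (401, 403):
                verdict = "PROTECTED"
            else:
                verdict = "UNKNOWN"  # 404/5xx etc.: not evidence either way
            findings.append(Finding(method.upper(), url, status, verdict))
    return findings


def fake_backend(method: str, url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Constructed in-memory API used instead of real HTTP. GET /users/{id}
    forgets to check the token: the broken-authorization bug the scan finds."""
    authed = headers.get("Authorization", "").startswith("Bearer ")
    if method == "GET" and re.fullmatch(r"/users/\d+", url):
        return 200, '{"id": 1, "email": "alice@example.com"}'  # leaks unauthenticated
    if method == "GET" and url == "/admin/users":
        return (200, "[]") if authed else (401, "")
    if method == "POST" and re.fullmatch(r"/users/\d+/tokens", url):
        return (201, "{}") if authed else (403, "")
    return 404, ""


def broken_auth(spec: dict, send: Transport) -> List[str]:
    """Return 'METHOD /url' for every operation that leaks without credentials."""
    return [f"{f.method} {f.path}" for f in scan(spec, send) if f.verdict == "BROKEN_AUTH"]


if __name__ == "__main__":
    for f in scan(SPEC, fake_backend):
        print(f"{f.verdict:12} {f.method:5} {f.path}  status={f.status}")
```

Against the constructed backend the scan reports `GET /users/1` as BROKEN_AUTH and the admin and token endpoints as PROTECTED. In practice a 2xx is a lead, not proof: some APIs return 200 with a generic error envelope, so the response body needs a human or a second heuristic before it is treated as a confirmed finding.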
Decentralization and why it's a turning point for tech [Q&A]
Mainstream developers and users are increasingly seeking alternatives to big tech’s centralized servers and cloud-based systems.
Issues like data breaches, censorship, and monopolization are driving this trend. We spoke to Mathias Buus Madsen, CEO of Holepunch, about why decentralization matters and how we can expect the trend to develop.
Chaos RAT malware strikes Linux and Windows as hackers exploit its flaws
Chaos RAT is back and causing trouble on Linux and Windows systems. This open source remote access tool was once pitched as a legitimate way to manage computers remotely. Now, it is being used to spy on users, steal data, and possibly set the stage for ransomware. But in an ironic twist, attackers are now turning the tables and exploiting Chaos RAT itself.
Originally written in Go and designed for cross platform compatibility, Chaos RAT has evolved from a basic tool into a very dangerous piece of malware. It has been spotted in real world attacks including a recent sample disguised as a Linux network utility. Victims were likely tricked into downloading a fake troubleshooting tool containing the malware.
Confidence in software supply chain security at odds with actual readiness
New research finds that 32 percent of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. The remaining 68 percent are more realistic, saying they feel uncertain about achieving this near-impossible outcome.
The study from Lineaje, carried out among RSA attendees, also shows that while software bill of material (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.
