Open-Source Software Under Attack: GitHub Supply Chain Attack Exposes Thousands

A recent supply chain attack targeting the widely used tj-actions/changed-files tool has exposed thousands of organizations to security risks, highlighting the ongoing vulnerabilities within the open-source software (OSS) ecosystem. This attack has once again demonstrated the importance of rigorous security practices when integrating third-party dependencies.

The Attack: How It Happened

The tj-actions/changed-files tool, a GitHub…

Open-source software has rights: A French Telecom Provider Ordered to Pay Damages in Long-Running Copyright Case

After years of legal battles, the Court of Appeal of Paris has issued a landmark decision against Orange, one of France’s leading telecom providers. The court found Orange guilty of copyright infringement and violation of the GNU General Public License (GPL) in its use of Entr’Ouvert’s Lasso software. The ruling orders Orange to pay substantial…

News: US Government Released the 2023 Report on Open-Source Software Security Initiative

In adherence to President Biden’s National Cybersecurity Strategy, the Office of the National Cyber Director has unveiled the 2023 End of Year Report on the Open-Source Software Security Initiative (OS3I). The report highlights crucial initiatives undertaken in the past year, advancing the commitment to a secure digital ecosystem for all Americans.