Open-Source Software Under Attack: GitHub Supply Chain Attack Exposes Thousands

fossity, ,

A recent supply chain attack targeting the widely used tj-actions/changed-files tool has exposed thousands of organizations to security risks, highlighting the ongoing vulnerabilities within the open-source software (OSS) ecosystem. This attack has once again demonstrated the importance of rigorous security practices when integrating third-party dependencies. The Attack: How It Happened The tj-actions/changed-files tool, a GitHub…

Read More

Open-source software has rights: A French Telecom Provider Ordered to Pay Damages in Long-Running Copyright Case

fossity, , ,

After years of legal battles, the Court of Appeal of Paris has issued a landmark decision against Orange, one of France’s leading telecom providers. The court found Orange guilty of copyright infringement and violation of the GNU General Public License (GPL) in its use of Entr’Ouvert’s Lasso software. The ruling orders Orange to pay substantial…

Read More

News: US Government Released the 2023 Report on Open-Source Software Security Initiative

fossity, ,

In adherence to President Biden’s National Cybersecurity Strategy, the Office of the National Cyber Director has unveiled the 2023 End of Year Report on the Open-Source Software Security Initiative (OS3I). The report highlights crucial initiatives undertaken in the past year, advancing the commitment to a secure digital ecosystem for all Americans.