#OpenSourceSecurity

Latest posts tagged with #OpenSourceSecurity on Bluesky

Posts tagged #OpenSourceSecurity

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=0GtI0pEWpzI

0 0 0 0

📦 Installing a single package can introduce dozens of dependencies.

Attackers exploit this through typosquatting, malicious packages, and compromised maintainers.

ENISA’s advisory highlights why dependency visibility is becoming critical.

#CyberSecurity #SoftwareSupplyChain #OpenSourceSecurity

0 0 1 0

The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

Josh talks to Paul Kehrer and Alex Gaynor, from the Python Cryptographic Authority. Alex and Paul recently published a statement discussing the challenges posed by modern OpenSSL. We discuss the statemen...

This week on #OpenSourceSecurity I had a chat with Paul Kehrer and Alex Gaynor about the statement they published discussing the challenges posed by modern OpenSSL for the Python cryptography module

1 2 0 0

Marcin Wyszynski warns that open source isn’t the feel‑good story many think. It’s a survival strategy.
Read why teams betting on “free” tools need to rethink risk now:
spr.ly/63329h4jPX

#FoundryExpert #OpenSourceSecurity #SoftwareSupplyChain

0 0 0 0

Rust coreutils with Sylvestre Ledru

Josh talks to Sylvestre Ledru about the Rust coreutils project. We’ve been using GNU coreutils for decades now, and the goal of Rust coreutils is to rewrite these utilities in Rust. The primary reason...

I had a chat on #OpenSourceSecurity with @sylvestreledru.bsky.social about his Rust coreutils work

Replacing coreutils with Rust is one of those things that I love as a way to improve security but also keep a project fresh in the modern age

I learned a ton from this discussion

1 1 0 0

⚠️ AI-driven development pushes open source risk to the limit

AI speeds up development, but multiplies security risks

devops.com/ai-fueled-development-pu...

#OpenSourceSecurity #BlackDuckOSSRA #VulnerabilityManagement #RoxsRoss

1 0 0 0

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=FazSzP_Kty4

0 0 0 0

Full breakdown in this week's Securing the Backbone. Link below. 👇

www.linkedin.com/pulse/securi...

#DevSecOps #SoftwareSupplyChain #OpenSourceSecurity #CyberSecurity

1 0 0 0

Goose and the Agentic AI Foundation with Brad Axen

Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where things...

This week on #OpenSourceSecurity I chat with Brad Axen about Goose and the Agentic AI Foundation

I'm often skeptical about AI claims, but I do approve the foundation model and seeing Goose donated to it

0 0 0 0

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=-Unu5gZ8Cxc

0 0 0 0

Love that GitHub's investing in open source security for AI tools. Keeping those foundational projects safe means fewer Log4Shell nightmares down the line. 🛡️ #OpenSourceSecurity #AI

0 0 0 0

What Is SBOM?

SBOM is a Software Bill of Materials listing all components in software. Understand why it exists, how it works, and its role in software supply chains.

The software supply chain is already broken. SBOMs help you see where.

Learn how to make software visibility your first step.

jeffbailey.us/blog/2026/02...

#Software #SBOM #SoftwareSupplyChain #AppSec #OpenSourceSecurity #DevSecOps #OSS #SRE #PlatformEngineering

0 0 0 0

What Is an OSPO?

An Open Source Program Office (OSPO) coordinates strategy, compliance, and contributions. Learn what an OSPO is, why it exists, and how it works.

Legal, security, and devs walk into a bar. The OSPO keeps it from burning down.

Learn how OSPOs coordinate teams that could easily talk past each other.

jeffbailey.us/blog/2026/02...

#OpenSource #OSPO #SoftwareGovernance #SoftwareSupplyChain #RiskManagement #OpenSourceSecurity

1 0 0 0

🔥 OpenClaw is being called a security "fire", but there is a way to protect yourself

A Snyk analysis reveals serious flaws in ClawHub. We explain how to mitigate them.

https://thenewstack.io/deno-sandbox-security-secrets/

#OpenSourceSecurity #SupplyChain #Snyk #RoxsRoss

0 0 0 0

15 OpenClaw Security Flaws Disclosed as AI Agent Platform Sees Rapid Enterprise Adoption

Researchers disclosed 15 new OpenClaw vulnerabilities, including a critical authentication bypass, as the fast-growing agent spreads across enterprises.

Read more:
www.technadu.com/15-openclaw-...

Do you think AI agent frameworks are being deployed too quickly in production environments? Comment your opinion below.
#CyberSecurity #AIAgents #DevSecOps #OpenSourceSecurity #AccessControl

0 0 0 0

15 security flaws found in OpenClaw, including a critical auth bypass (CVSS 9.4).

AI agents with file, API & command access expand enterprise attack surfaces.

All patched - but adoption is accelerating fast.

#CyberSecurity #AIAgents #OpenSourceSecurity

0 0 1 0

Researchers disclosed critical n8n vulnerabilities (CVE-2026-25049) enabling sandbox escape and server-level control by authenticated users.

Patches are available, and no confirmed exploitation has been reported.

#CyberSecurity #n8n #CVE #OpenSourceSecurity #TechNadu

0 0 0 0

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A security audit found 341 malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS and Windows.

Researchers found 341 malicious ClawHub repos spreading malware — open-source trust is being actively abused at scale. Clone carefully. 🧩⚠️ #OpenSourceSecurity #SupplyChainRisk

0 0 0 0

The Art of Crisis Management with David Bernstein

Josh talks to David Bernstein about the world of crisis management and business continuity. David is a certified emergency manager and tells us about preparing for both digital and physical disruptions...

This episode of #OpenSourceSecurity I have a chat with David Bernstein about crisis response

I love this topic because responding to a crisis is pretty common in security work, but doesn't have to be a gong show

This is one of those topics that can go deep. David did a nice job covering basics

1 0 0 0

Notepad Plus Plus Update Spreads Malware
Read More: buff.ly/OVafqqU

#NotepadPlusPlus #SupplyChainAttack #SoftwareUpdateAbuse #StateSponsoredHack #MalwareDistribution #CyberThreat #InfosecAlert #OpenSourceSecurity

0 0 0 0

OpenSSL Fixes 12 Flaws Including RCE
Read More: buff.ly/F70rTJm

#OpenSSL #OpenSourceSecurity #RemoteCodeExecution #CriticalVulnerability #PatchTuesday #CryptoSecurity #AppSec #CVE

0 0 0 0

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=rKOnBryIYww

0 0 0 0

Grist Core Flaw Enables Remote Code Execution
Read More: buff.ly/Vm8WYov

#CVE202624002 #RemoteCodeExecution #GristCore #OpenSourceSecurity #Pyodide #AppSec #VulnerabilityDisclosure #ZeroDay

0 0 0 0

All about Suricata with Victor Julien

Josh discusses Suricata with Victor Julien, the founder and lead developer of the Suricata project. Victor explains the history of Suricata, its impact on cybersecurity, and the community that keeps i...

This episode of #OpenSourceSecurity I discuss @suricata.io with Victor Julien

Victor tells us all about the past, present, and future of #Suricata

I learned a ton

opensourcesecurity.io/2026/2026-01...

1 1 0 0