Legislation, which passed last week, criticised for a lack of understanding of the open source model
New version to be released 1st November. Organisations should act now to track down OpenSSL 3.0.x in their infrastructure, warns Sonatype
Victims are offered the decryption key without payment, but the prank demonstrates how easy such an attack can be
Initial versions of 'protestware' module added to npm-ipc wiped data on users' devices
Malicious typosquatting packages prey on naive users or developers who make a slight typographical error
Patch Log4j urgently admins urged, as memories of 2017 Equifax hack loom large
IAM misconfiguration has played an increasing role in cloud breaches over the past few years, finds Sonatype/Fugue research
Panellists at Computing's DevOps Summit describe their experience of bimodal IT