Open source

Veracode Research Reveals Government Applications at Heightened Risk of Cyber Attack: 59% Have Flaws Left Unfixed for More than a Year

Retrieved on: 
Wednesday, May 29, 2024

Veracode, a global leader in application risk management, today released research revealing applications developed by public sector organizations have more security debt than those created by the private sector.

Key Points: 
  • Veracode, a global leader in application risk management, today released research revealing applications developed by public sector organizations have more security debt than those created by the private sector.
  • View the full release here: https://www.businesswire.com/news/home/20240529282258/en/
  • Figure 2: Security Debt in Public Sector Applications (Graphic: Business Wire)
  • “Decades of accumulated security debt in unpatched software and poor security configurations, are in the applications that serve our government,” said Chris Eng, Chief Research Officer at Veracode.
  • In response, the federal government is enforcing a flurry of initiatives to strengthen cybersecurity, including efforts to reduce risk in the applications that serve the government.
  • The analysis further shows security debt in the public sector is primarily concentrated in older, larger applications (22 percent).

Definition of 'Open Source AI' Closer to Reality with the Open Source Initiative Facilitating Global Workshop Series to Cap Off Multi-Year Initiative

Retrieved on: 
Tuesday, May 14, 2024

SAN FRANCISCO, May 14, 2024 /PRNewswire-PRWeb/ -- Open Source Initiative (OSI), globally recognized by individuals, companies and public institutions as the authority that defines Open Source, is driving a global multi-stakeholder process to define "Open Source AI." This definition will provide a framework to help AI developers and users determine if an AI system is Open Source or not, meaning that it's available under terms that allow unrestricted rights to use, study, modify and share. There are currently no accepted means by which openness can be validated for AI, yet many organizations are claiming their AI to be "Open Source." Just as the Open Source Definition serves as the globally accepted standard for Open Source software, so will the Open Source AI Definition act as a standard for openness in AI systems and their components.

Key Points: 
  • SAN FRANCISCO, May 14, 2024 /PRNewswire-PRWeb/ -- Open Source Initiative (OSI), globally recognized by individuals, companies and public institutions as the authority that defines Open Source, is driving a global multi-stakeholder process to define "Open Source AI."
  • There are currently no accepted means by which openness can be validated for AI, yet many organizations are claiming their AI to be "Open Source."
  • Just as the Open Source Definition serves as the globally accepted standard for Open Source software, so will the Open Source AI Definition act as a standard for openness in AI systems and their components.
  • This "Open Source AI Definition Roadshow" is sponsored by the Alfred P. Sloan Foundation, and OSI's sponsors and donors.

UAV (Drone) Market worth $48.5 billion by 2029 - Exclusive Report by MarketsandMarkets™

Retrieved on: 
Wednesday, May 8, 2024

The Fully Autonomous segment of the UAV (Drone) market is projected to exhibit the highest CAGR.

Key Points: 
  • The Fully Autonomous segment of the UAV (Drone) market is projected to exhibit the highest CAGR.
  • These advancements are critical for expanding UAV applications in commercial, military, and recreational sectors, thereby driving the market expansion of fully autonomous UAVs.
  • By Range, the UAV (Drone) market for the BVLOS segment is projected to grow at the highest CAGR during the forecast period.
  • The Platform segment within the UAV (Drone) market is projected to dominate in terms of market share.

ActiveState Unveils Industry's First Continuous Code Refactoring Service For Automating Upgrades to Python Libraries

Retrieved on: 
Wednesday, May 1, 2024

VANCOUVER, BC, May 1, 2024 /PRNewswire/ -- ActiveState, the Open Source Management platform securing enterprise software supply chains, unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source. Updating software dependencies eliminates critical vulnerabilities and delivers enhanced functionality, reducing risk, improving productivity, and accelerating innovation. Initially supporting Python, GCSC allows developers, security, and DevOps teams to collaborate seamlessly through ActiveState's Open Source Management platform where they can pull from a vast and securely built catalog of Python packages, set up portable developer environments that make testing and continuous integration easy to implement, schedule regular incremental runtime updates, and configure automatic code refactoring when there are breaking changes.

Key Points: 
  • ActiveState's GCSC solution revolutionizes business software management by automating upgrades of open-source dependencies to secure, modern versions.
  • It uniquely supports deployment across various environments, which ensures continuous delivery of updated dependencies and refactored code, helping businesses maintain software security and modernity with ease.
  • AI is leveraged to automate and simplify code refactoring and to modernize Python applications.
  • Learn more about how you can get your Python code to securely Get Current, Stay Current.

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

Retrieved on: 
Tuesday, April 16, 2024

The OpenSSF has further committed to facilitating the open source and collaborative development of Protobom while encouraging the growth of an open source contributor community.

Key Points: 
  • The OpenSSF has further committed to facilitating the open source and collaborative development of Protobom while encouraging the growth of an open source contributor community.
  • Key to strengthening software security and software supply chain risk management, an SBOM is a nested, formatted inventory that lists the components making up software to include the supply chain relationships of various open source and commercial components used in building software.
  • Understanding the supply chain of software, obtaining an SBOM and using it to analyze known vulnerabilities are crucial for managing cybersecurity risk.
  • The Protobom project is a free resource for the continued evolution of software supply chain visibility and security.

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Retrieved on: 
Monday, April 15, 2024

The OpenSSF is further pleased to host Secure Open Source Software (SOSS) Community Day at Open Source Summit North America (NA) 2024, which brings together members and contributors from around the world.

Key Points: 
  • The OpenSSF is further pleased to host Secure Open Source Software (SOSS) Community Day at Open Source Summit North America (NA) 2024, which brings together members and contributors from around the world.
  • “The challenge of safeguarding open source software is significant, and we eagerly anticipate collaborating with them.”
  • To celebrate its growing community, the OpenSSF is hosting Secure Open Source Software (SOSS) Community Day at Open Source Summit NA 2024 in Seattle.
  • SOSS Community Day NA 2024, with over 500 registrants, is an opportunity for community members from across the open source security ecosystem to get together and share ideas.
  • Further highlighting the organization’s commitment to security education, SOSS Community Day NA will feature a 90-minute interactive tabletop exercise (TTX), designed to engage the open source community on security practices.

Mojaloop Foundation Launches Financial Inclusion Webinar Series

Retrieved on: 
Wednesday, May 1, 2024

The Mojaloop Foundation is excited to announce the launch of its webinar series focusing on critical elements needed to advance financial inclusion in underserved areas.

Key Points: 
  • The Mojaloop Foundation is excited to announce the launch of its webinar series focusing on critical elements needed to advance financial inclusion in underserved areas.
  • This webinar series is part of the Mojaloop Foundation's ongoing commitment to driving innovation and collaboration in the financial inclusion space.
  • The first webinar in the series, “The Open Source Landscape: Benefits, Security and Community,” will take place on May 16th, 2024, at 11:00 a.m. UTC, and will delve into the critical role that open source software can play in advancing financial inclusion.
  • This webinar aims to address these concerns by highlighting the advantages and benefits of open source tools in instant and inclusive payment systems (IIPS), emphasizing the importance of fostering a robust open source community, and discussing open source IIPS security considerations,” said Mojaloop Foundation Director of Community Simeon Oriko.

Red Hat Expands Red Hat Trusted Software Supply Chain for a Developer-First Experience

Retrieved on: 
Thursday, April 18, 2024

Red Hat, Inc., the world's leading provider of open source solutions, today announced updates to Red Hat Trusted Software Supply Chain.

Key Points: 
  • Red Hat, Inc., the world's leading provider of open source solutions, today announced updates to Red Hat Trusted Software Supply Chain.
  • Red Hat Trusted Application Pipeline combines the capabilities of Red Hat Trusted Profile Analyzer and Red Hat Trusted Artifact Signer, along with Red Hat’s enterprise-grade internal developer platform, Red Hat Developer Hub, to provide security-focused software supply chain capabilities that are pre-integrated into developer self-service templates.
  • Red Hat Trusted Software Supply Chain is designed to seamlessly bring security capabilities into every phase of the software development life cycle.
  • The Red Hat Trusted Software Supply Chain extends its existing open source security due diligence to help customers manage their open source and software supply chains using the same software supply chain that Red Hat uses to deliver trusted open source software.”

ShadowDragon™ Releases The OSINT Platform, Horizon®

Retrieved on: 
Sunday, April 14, 2024

The OSINT Platform encompasses an all-in-one solution for investigations with unparalleled access to publicly available information, including geolocation data, platform monitoring, breach data and the ability to integrate external data streams.

Key Points: 
  • The OSINT Platform encompasses an all-in-one solution for investigations with unparalleled access to publicly available information, including geolocation data, platform monitoring, breach data and the ability to integrate external data streams.
  • Horizon® offers access to more than 225 data collection sources, more than 1500 pivot points, and advanced, customizable link analysis capabilities.
  • This means that no matter what OSINT expertise you have, ShadowDragon's technology will speed up your investigation through an initiative platform.
  • For more information about the ShadowDragon™ suite of OSINT tools and capabilities, such as SocialNet®, OIMonitor®, MalNet®, and Horizon®, click here.