Introducing OpenTDF: Open source, accessible security for developers

At Virtru, we believe that the ability to securely share data is essential — and that privacy is a human right that must be protected. It’s a mission we have stuck by since we started in 2011, and one that sees us supporting over 7,000 organisations worldwide to protect their most valuable asset, their data, with Zero-Trust security and powerful, granular policy controls that tie identity to data, everywhere it moves.

Now, Virtru is giving developers a new way to build security...

AG Grid and TanStack Table join forces as open source partners

Leading industry players AG Grid and TanStack Table, the two main datagrid and table providers, have united as open-source partners to unify their ecosystems and educate users about how and when to choose between their different approaches.

AG Grid and TanStack Table operate within the same problem space as each other, but are implemented via drastically different architectures and paradigms, each offering unique trade-offs, opinions and optimisations depending on use-case....

SFC urges developers to quit GitHub

The SFC (Software Freedom Conservancy) has quit GitHub and urges other developers to follow.

SFC is a non-profit that aims to provide a home and services to Free, Libre, and Open Source Software (FLOSS) projects.

On Thursday, the SFC posted a blog post criticising the dominant role that GitHub has established in FOSS development.

In the post, Bradley Kuhn, SFC policy fellow, and Denver Gingerich, SFC FOSS license compliance engineer, highlighted the dangers of...

‘Protestware’ emerges amid Russia-Ukraine crisis

Some open-source developers are using their projects to target users in Russia after the country’s invasion of Ukraine.

The invasion of Ukraine has been almost internationally condemned. The actions of Russian forces are being investigated for numerous war crimes and the targeting of civilians in areas like Mariupol has equated to genocide.

State-controlled media and harsh penalties for protests mean that a large number of Russians believe the Kremlin’s narrative...

GitHub Advisory Database now accepts community contributions

GitHub is opening its Advisory Database to community contributions to help further secure software supply chains.

One vulnerability can have a devastating “domino effect” on software across the globe. As the use of open-source increases, so does the threat of a vast amount of software being compromised.

GitHub launched its Advisory Database almost two years ago. As the largest database of vulnerabilities in software dependencies in the world, it’s become an...

GitHub incentivises open-source investments with sponsor-only repos

GitHub is launching private repositories that only sponsors have access to, helping to incentivise open-source investments.

Open-source mostly relies on developers voluntarily giving up their time to build and improve projects. Priority is naturally given to work that helps to keep a roof over their heads and food on the table—meaning that open-source projects can be underdeveloped at best or be left with devastating vulnerabilities at worst.

A growing number of...

Open-source can play a critical role in tackling the UK’s developer shortage

It is no secret that developers have never been more in demand. According to a recent analysis, the shortage of “programmers and software development professionals” only ranks behind HGV drivers and nurses as the occupation where worker shortages are most acute in the UK.

The sheer pace of digital transformation across every industry means the demand for developer talent continues to outstrip supply at a rapid rate – and the situation shows no sign of abating. Just about...

Library deliberately corrupted by its developer relaunches as community project

A popular library that was deliberately corrupted by its own developer has been relaunched as a community-driven project.

Last week, Developer reported that users of open-source projects depending on the ‘colors’ and ‘faker’ libraries by Marak Squires were confronted with their applications indefinitely printing gibberish messages on their console—rendering them useless.

Squires corrupted his own libraries, seemingly in retaliation for others using them for...

Google wants to increase government collaboration to secure open-source

Google says that it wants to increase government collaboration to help secure open-source after participating in a White House summit.

On Thursday, Google participated in the White House Open Source Software Security Summit with the aim of building on its “work with the Administration to strengthen America’s collective cybersecurity through critical areas like open-source software.”

The past year has been particularly bad for open-source security problems, with...

Open-source developer corrupted his own popular libraries

An open-source developer intentionally corrupted his own libraries that have been used by thousands of projects.

Users of open-source projects that depend on the ‘colors’ and ‘faker’ libraries by Marak Squires were confronted with their applications indefinitely printing gibberish messages on their console—rendering them useless.

The colors library receives over 20 million weekly downloads on npm alone and has almost 19,000 projects depending on it. The faker...