MediaNama

What DoT’s continued push for source code access mean for manufacturers

The March 2026 ITSAR update suggests that makers of IoT devices like vehicle tracking devices have to provide source code ...
Opinion

The open source blind spot in our supply chains

Supply chain attacks are increasing in volume, but open source vulnerabilities continue relatively unnoticed.

Open source isn't a tip jar – it's time to charge for access

Opinion Time and again, I see people begging for companies with deep pockets to fund open source projects. I mean, after all, ...

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
diginomica

Monki Gras 2026 - the most important thing in open source isn't the code

A conference about prepping craft turned out to be about something more fundamental - the communities that make everything ...

Kusari Brings Enterprise-Grade AI Code Review & Dependency Management to CNCF and OpenSSF Communities

Kusari Inspector is now free to CNCF and OpenSSF projects, delivering AI-powered dependency, license and security ...
Design News

AI for Hardware/Software Design: Things Just Got Personal

Let’s start by defining the main forms of AI that are in the news as we speak. In order of their appearance, we have ...

I found 7 open source apps so good I'd actually pay for them

But it has hidden layers I want visibility into, especially as awareness of tracking and data collection increases. Likewise, ...

Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

McMahon wrote that the malware was likely vibe coded, and sloppily at that, leading to the so-called “fork bomb” that crashed ...