Travis CI flaw exposed thousands of open-source projects’ secrets

A flaw in popular software testing tool Travis CI exposed the secrets of thousands of open-source projects.

Travis CI is a hosted continuous integration service used to build and test software projects hosted on GitHub and Bitbucket.

For at least a week (3-10 September), open-source repos that used Travis CI had their keys, credentials, and tokens exposed.

Ethereum developer Felix Lange discovered a flaw with how Travis CI handled environmental...

Sonatype analysis reveals a 73 percent surge in open-source demand

A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high profile vulnerabilities.

The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with devastating attacks like that on SolarWinds even making national headlines for its widespread implications.

In fact, Sonatype’s report highlights a...

Google wants to ‘advance cybersecurity’ by fixing open-source and increasing training

Google has committed $10 billion over the next five years to “advance cybersecurity” by fixing some of the key problems with open-source and offering more training.

The announcement follows Google’s participation in President Biden’s White House Cyber Security Meeting this week. Leading tech executives including Alphabet CEO Sundar Pichai put their heads together following an increasing prevalence and seriousness of cyberattacks.

Open-source is vital and speeds...

Stanford Law and GitHub launch initiative to protect open-source developers

Stanford Law and GitHub are partnering on an initiative to protect the legal rights of open-source developers.

Section 1201 of the Digital Millennium Copyright Act from 1998 prohibits the circumvention of technological measures employed by, or on behalf of, copyright owners to protect access to their works.

Open-source developers regularly face takedown claims under Section 1201 but, rather than fight it, they often decide to avoid the cost and risk by just removing the...

Sonatype Lift uses deep code analysis to suggest bug fixes

Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types.

Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code...

Trend Micro partners with Snyk to fight open-source bugs

Cybersecurity leader Trend Micro is partnering up with application security platform Snyk to fight open-source bugs.

Research from Veracode last year found that open-source libraries cause security flaws in 70 percent of apps. Snyk itself has observed a 2.5x growth in open-source vulnerabilities over the past three years.

However, open-source is vital to the advancement of the software development industry. Snyk estimates that around 80 percent of application today is...

Open-source solution switches GMS for HMS to enable AppGallery distribution

Bluesource has released a solution that switches apps using GMS (Google Mobile Services) for HMS (Huawei Mobile Services) to enable AppGallery distribution.

The open-source solution is called the Choice SDK and aims to save developers time and cost in converting their existing apps which use GMS and Firebase frameworks to be usable in Huawei’s ecosystem.

Martin Sprengseis-Kogler, Managing Partner at Bluesource, said:

“Businesses across Europe would like to...

Microsoft announces its own LTS build of OpenJDK

Microsoft has announced the preview of its own build of OpenJDK, a free and open-source implementation of the Java SE platform.

The Microsoft Build of OpenJDK is a long-term support (LTS) distribution that includes binaries for Java 11, based on OpenJDK 11.0.10+9, on x64 server and desktop environments on macOS, Linux, and Windows.

In a blog post, Microsoft wrote:

“Microsoft deploys over 500,000 Java Virtual Machines (JVMs) internally – excluding all Azure...

OpenUK: UK maintains lead in European open-source contributions

Research from OpenUK finds the UK continues to lead in European open-source contributions—delivering up to a £43 billion boost to the economy.

OpenUK is a non-profit which aims to develop and sustain UK leadership in open-source software, hardware, and data.

The UK is one of the leading countries for open-source contributors with an estimated 126,000 developers lending their skills to global efforts.

Cheryl Hung, VP of Ecosystem at the Cloud Native Computing...

GitHub partners with Adobe and AmEx to expand its MLH Fellowship

GitHub has partnered with Adobe and American Express (AmEx) to deliver a significant expansion of its MLH Fellowship.

The world’s largest repo host first announced MLH Fellowship in May last year. As the world adapted to remote work, the fellowship aimed to give students the opportunities they need to succeed.

93 percent of fellows said that participation in the initiative gave them more confidence in making open-source contributions. On the other side of the equation,...