TechRepublic

350,000 open source projects at risk from Python vulnerability

Fifteen-year-old N-day Python tarfile module vulnerability puts software supply chain under the microscope. Cybersecurity company Trellix announced Wednesday that a known Python vulnerability puts 350 ...

OpenAI's New Daybreak⁠ Initiative Will Help Open-Source Projects Fend Off Bugs

OpenAI has launched Patch the Planet, a new initiative part of its Daybreak cybersecurity program.
Computer Weekly

15-year-old Python bug present in 350,000 open source projects

A 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain ...

The maker of ChatGPT wants to make open-source projects less of a security bargain

As AI tools flood open-source maintainers with low quality bug reports, OpenAI's new Patch the Planet initiative aims to filter out the noise and fix real threats.
Ars Technica

OpenAI is acquiring open source Python tool-maker Astral

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...
Bleeping Computer

PyPI mandates 2FA for critical projects, developer pushes back

On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects announced plans to mandate two-factor authentication requirement for maintainers of ...
Dark Reading

Open Source Security Priorities Get a Reshuffle

Open source components aimed at connecting applications to cloud resources and those written in Python have jumped up the list of critical packages, according to the latest rankings of the open source ...