Supply chain attacks are increasing in volume, but open source vulnerabilities continue relatively unnoticed.

Since Apache Maven, the brainchild of Sonatype founder Jason van Zyl, emerged as a top-level Apache Software Foundation project in 2003, the Central Repository has become a primary source of open ...

NetRise®, the software supply chain security company that exists to eliminate blind trust in software, today announced the ...

NetRise launched NetRise Provenance on March 24 at RSAC 2026, a new product that adds contributor-level visibility to software supply chain analysis.

Two years ago, the joint government-private sector response to the Log4j vulnerability that spawned 800,000 attacks worldwide led to the Enduring Security Framework for federal agencies adopting open ...

New OpenSSF members include Helvethink, Spectro Cloud, and Quantrexion, who join the Foundation as General Members. As ...

Less than a year after closing its last funding round, Chainguard Inc. today disclosed that it has raised another $140 million to support its sales growth. Redpoint Ventures, Lightspeed Venture ...

White House and OMB initiatives are driving security concerns around open source because while it is a powerful tool, it needs to be managed effectively, our expert writes. Against a backdrop of ...

These heroes of open source software are hard at work behind the scenes without you even realizing it.

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...