GitHub enables secret scanning push protection by default

In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches.

Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming figures underscore the pressing need for robust safeguards to protect users and their data.

Since August...
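The kind of check push protection performs, shown as an added example that is not GitHub's own code: scan only the added lines of a diff for known credential shapes before they leave the developer's machine. The GitHub personal access token and AWS access key ID patterns follow the documented public formats of those credentials; the entropy rule, its 4.0 bits-per-character threshold and the sample diff (whose "secrets" are fabricated, the AWS one being Amazon's own documentation example) are assumptions of this example, not GitHub's rules.

```python
import math
import re
from dataclasses import dataclass

# Two well-known token shapes. A real scanner carries hundreds of these.
RULES = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Fallback for unknown formats: long opaque tokens with high Shannon entropy.
# The 24-character minimum and the 4.0 bits/char cut-off are assumed values.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{24,}")
ENTROPY_THRESHOLD = 4.0


@dataclass
class Finding:
    rule: str
    line_no: int   # line number in the new version of the file
    snippet: str   # redacted, so the finding itself does not re-leak the secret


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's byte-frequency distribution."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    return secret[:6] + "..." + secret[-4:]


def scan_added_lines(diff: str) -> list[Finding]:
    """Return findings for '+' lines only; removed and context lines are ignored."""
    findings = []
    line_no = 0
    for raw in diff.splitlines():
        # Reset the new-file line counter at every hunk header "@@ -a,b +c,d @@".
        hunk = re.match(r"^@@ -\d+(?:,\d+)? \+(\d+)", raw)
        if hunk:
            line_no = int(hunk.group(1)) - 1
            continue
        if raw.startswith("+++") or raw.startswith("---") or raw.startswith("-"):
            continue
        line_no += 1  # context lines and added lines both exist in the new file
        if not raw.startswith("+"):
            continue
        text = raw[1:]
        matched = False
        for name, pattern in RULES.items():
            for hit in pattern.finditer(text):
                findings.append(Finding(name, line_no, redact(hit.group(0))))
                matched = True
        if matched:
            continue  # a known format beats the generic rule
        for cand in CANDIDATE.finditer(text):
            if shannon_entropy(cand.group(0)) >= ENTROPY_THRESHOLD:
                findings.append(Finding("high_entropy", line_no, redact(cand.group(0))))
    return findings


def should_block(diff: str) -> bool:
    """What a pre-push hook would return: block the push if anything was found."""
    return bool(scan_added_lines(diff))


# Constructed sample diff; the token values are fake.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
-TOKEN = os.environ["GITHUB_TOKEN"]
+TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+SESSION = "d7f3K9pQ2xLm8vZ1bN4cR6tY0wE5uI3oA"
+DESCRIPTION = "this_is_a_long_but_boring_identifier_name"
 print(TOKEN)
"""

if __name__ == "__main__":
    for f in scan_added_lines(SAMPLE_DIFF):
        print(f"{f.rule:18} line {f.line_no}: {f.snippet}")
    print("blocked" if should_block(SAMPLE_DIFF) else "clean")
```

The entropy rule is what catches the SESSION value, which matches no known prefix; the long snake_case identifier on the next line stays below the threshold, which is the trade-off every generic rule makes between misses and false positives.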

Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, identified two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be using DLL sideloading, a known technique in which a legitimate, typically signed executable is shipped alongside an attacker-controlled DLL that it loads from its own directory, so that the malicious code runs under the trusted program's identity and evades detection by security tools.

This...

GitHub invites open-source AI developers to apply for Accelerator

GitHub has announced applications are now open for the next cohort of its Accelerator program, which provides funding, mentoring, and other benefits for early-stage open-source projects. There is a particular focus this year on developers building AI solutions.

Applications will be accepted on a rolling basis until 5 March 2024. Ten projects will be selected to participate in the 10-week program beginning 22 April 2024.

The 2024 GitHub Accelerator cohort focuses on the...

Open source wins concessions in new EU cyber law

The European Cyber Resilience Act (CRA) has undergone substantial revisions, bringing relief to the open-source community.

Back in April, the Python Software Foundation (PSF) had expressed concerns about potential repercussions for CPython and PyPI if the initial form of CRA were to be enacted.

The primary worry was that, in the course of providing open-source software, the PSF and the Python community might assume legal responsibility for security issues in products...

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling those of popular legitimate Python packages (typosquatting). These decoy packages successfully garnered thousands of downloads. The malicious payload, embedded within the...

GitHub launches Innovation Graph for interactive development insights

GitHub has unveiled its Innovation Graph, an open data and insights platform for measuring and understanding the global impact of developers.

The ambitious initiative aims to address a longstanding challenge faced by policymakers and researchers: the lack of reliable and comprehensive data on trends in software development.

Understanding the Innovation Graph

The Innovation Graph is a repository of longitudinal metrics that track software development across economies...

Ruby on Rails creator deplores ‘open-source hooliganism’

Ruby on Rails creator David Heinemeier Hansson has expressed his concerns about what he called "open-source hooliganism."

Hansson recounted a recent incident involving the TypeScript community and their reaction to a decision made by the team behind Turbo.

Hansson began by acknowledging the passion that many developers have for their preferred programming languages and tools. He noted that the enthusiasm displayed by these individuals is a testament to their dedication...

Graphcore joins PyTorch Foundation as a general member

The PyTorch Foundation, a home for the deep learning community to collaborate on the open-source PyTorch framework and ecosystem, has announced that Graphcore is joining its ranks.

Graphcore – a Bristol, UK-based company specialising in designing and manufacturing AI accelerators, hardware, and software tailored for AI and machine learning workloads – has joined as a general member of the foundation.

PyTorch has long been a go-to framework for developers in the field...

Software Freedom Conservancy calls on FOSS contributors to ‘exit Zoom’

In the wake of the revelation that Zoom has been repurposing private user data to train machine learning models, the Software Freedom Conservancy (SFC) has taken a stand to emphasise the importance of Free and Open Source Software (FOSS) alternatives.

The SFC, an advocate for software rights and freedom, is extending its efforts to provide ethical technology choices and promote FOSS solutions for various needs.

The pandemic-driven shift towards digital technologies –...

Stability AI CEO: AI will replace human coders in five years

In a recent interview with Peter H. Diamandis for the Moonshots and Mindsets Podcast, Emad Mostaque, the founder and CEO of Stability AI, made a bold prediction: "There will be no programmers in five years."

Mostaque's vision of the future is one shaped by the transformative power of artificial intelligence and he believes that AI will play an increasingly dominant role in shaping our world.

Mostaque's argument is supported by data from GitHub, which reveals that an...