Security

Endor Labs releases report on open-source software dependency management

Endor Labs today released The 2024 Dependency Management Report, which consolidates extensive original and third-party research into the current state of security in the software dependency lifecycle ...
InfoWorld

New Python lock file format will specify dependencies

Human-readable and machine-generated lock file will specify what direct and indirect dependencies should be installed into a Python environment. Python’s builders have accepted a proposal to create a ...
Dark Reading

New Application Security Toolkit Uncovers Dependency Confusion Attacks

Dependency confusion is a pesky software development problem, as malicious actors employ a variety of tricks to trick developers and integrators into incorporating malicious software components into ...