Private Repository Secures the AI-driven Development Boom
Friday, March 27, 2026 by Austin Harris
ActiveState has launched ActiveState Curated Catalog. This new offering provides organizations with a private, secure repository of open source components from the ActiveState Library, giving developers and AI code generators access to vetted packages from a trusted internal source instead of pulling them directly from the open internet.
Directly pulling open source ...
AI model poisoning is real and we need to be aware of it
Monday, February 16, 2026 by Richard Harris
On a clear night I set up my telescope in the yard and let the mount hum along while the camera gathers light from something distant and patient. The workflow is a ritual. Focus by eye until the airy disk tightens. Shoot test frames and watch the histogram. Capture darks, flats, and bias frames so the quirks of the sensor can be cleaned away later. That discipline is no...
What's in Store for Open Source in 2026
Wednesday, January 21, 2026 by Mike Milinkovich
As 2025 draws to a close, many of us find ourselves reflecting on a year of remarkable change and looking ahead to what lies beyond the horizon. The end of the year often brings a mix of reflection and anticipation, a time when the open source ecosystem pauses to take stock and to imagine what the next chapter might bring.
In that spirit, I'd like to share a few ...
Markets rally as Nvidia faces high-stakes earnings test
Wednesday, December 3, 2025 by Brittany Hainzinger
US equity futures are advancing alongside tech shares ahead of Nvidia’s earnings Wednesday, as investors now face a moment that demands sharper attention, warns the CEO of one of the world’s largest independent financial advisory organizations.
The move higher reflects confidence that Nvidia will once again clear a demanding hurdle.
Consensus points to...
Nvidia's OpenAI investment could reach 100 billion
Wednesday, October 8, 2025 by Trey Abbe
Nvidia plans to invest up to $100 billion in OpenAI, supplying the artificial intelligence company with data center chips while acquiring non-controlling shares. The partnership represents one of the largest funding commitments in the AI sector and strengthens ties between two organizations at the forefront of machine learning development.
Strategic investment detail...
Google OSS Rebuild announced
Friday, August 8, 2025 by Austin Harris
Google has unveiled OSS Rebuild, a new initiative aimed at enhancing trust and transparency across open source package ecosystems. As software supply chain attacks continue to threaten widely-used dependencies, OSS Rebuild offers a scalable and low-friction solution that supports reproducible builds, independent verification, and provenance generation, all without burde...
Cybersecurity supply chain risk management predictions for 2025
Thursday, January 16, 2025 by Austin Harris
DTS CEO and President Edward Tuorinsky shares his cybersecurity prediction for shaping the 2025 business landscape.
Cybersecurity in 2025 is like that party game where you whisper a phrase to the person next to you. One mistake is passed along to others, with funny outcomes. The stakes are higher, and the results are less amusing when data breaches or hacks travel al...
Secure software development education report from the Linux Foundation
Wednesday, August 7, 2024 by Richard Harris
Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs." Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development. It underscores...
Social engineering takeover attacks are on the rise
Thursday, April 18, 2024 by Brittany Hainzinger
OpenSSF and the OpenJS Foundation (home to JavaScript projects used by billions of websites worldwide) are alerting open-source project maintainers of social engineering takeover attacks, following new attack attempts they’ve witnessed similar to the XZ Utils incident.
The OpenJS Cross Project Council received suspicious emails, imploring OpenJS to update one o...
ONCD asks software manufacturers to adopt memory safe languages
Tuesday, March 5, 2024 by Richard Harris
The White House Office of the National Cyber Director (ONCD) has released a new report asking software manufacturers to adopt memory-safe programming languages to help reduce vulnerabilities from entering the supply chain.
"For thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way. This repo...
Open source AI trends for 2024 according to Eclipse Foundation
Thursday, December 21, 2023 by Richard Harris
Each year I usually like to make a few predictions about where the software industry, open source, and Eclipse Foundation projects are headed. This year is going to be a little broader, as some large trends are going to impact us in ways that should be discussed and understood.
Government regulation will impact the software industry
The first trend is that for the...
ASPM 2024 report from Cycode
Friday, December 15, 2023 by Richard Harris
Cycode announced the release of its inaugural State of ASPM 2024 report. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply ch...
DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder and CTO of JFrog, created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...