Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated, well-disguised backdoor targeting sshd processes running...
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
The GitHub Advisory Database (Advisory DB) is a vital resource for developers, providing a comprehensive list of known security vulnerabilities and malware affecting open source packages. This post analyzes trends in the Advisory DB, highlighting the growth in reviewed advisories, ecosystem coverag...
A Bootiful Podcast: Johannes Bechberger, Java engineer at SAP
Hi, Spring fans! In this installment I talk to Johannes Bechberger, Java engineer working on profilers and their underlying technology in the SapMachine team at SAP. His work today comprises many open-source contributions and his blog, where he regularly writes on in-depth profiling and debugging...