tea.xyz Flags Critical Open-Source Supply-Chain Risks In 2026

ZUG, Switzerland, Jan. 16, 2026 (GLOBE NEWSWIRE) -- tea.xyz has announced their new ecosystem findings highlighting escalating risks across the global open-source software supply chain, warning that ...
TechCrunch

Infield wants to make open source dependency management trivial

Virtually every application today relies on dozens — and sometimes hundreds — of open-source components. Many of those get updated at a rapid clip in order to introduce new features and to fix ...
CSOonline

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies. The Open Source Security Foundation (OpenSSF) has released ...
The Hacker News

The State of Trusted Open Source

Analysis shows most security risk sits in longtail open source images, with 98% of CVEs outside top projects & Critical flaws ...
Security

Endor Labs releases report on open-source software dependency management

Endor Labs today released The 2024 Dependency Management Report, which consolidates extensive original and third-party research into the current state of security in the software dependency lifecycle ...
KRQE Blogs

Infield announces $3M funding to use AI to manage open-source dependency updates

NEW YORK, Jan. 16, 2024 /PRNewswire/ -- Infield today announced $3M in funding for its comprehensive open-source dependency manager. The round was led by Foundation Capital with participation of ...
InfoWorld

Open source trends for 2025 and beyond

Open-source software will continue its march through the enterprise technology stack, buoyed by AI and (hopefully) transformative funding solutions that address sustainability. Over the past decades, ...