The establishment of the Open Source Endowment (OSE), a fund to support open source projects, was announced on February 27, 2026. OSE was launched as 'the world's first endowment-based fund for open ...
When upgrading an Android application that has a transitive dependency on Log4j from log4j-core 2.21.1 to 2.22.0, it fails with an exception because it seems the method AccessController.doPrivileged( ...
Abstract: In today’s digital landscape, the widespread utilization of the Java library Log4j for storing error messages in applications is prevalent. However, a ...
The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...
The beam-vendor-calcite-1_28_0 contains a bunch of shaded dependencies with major security vulnerabilities. For example, log4j:1.2.17 and protobuf-java:3.19.2. Are there any plans to upgrade the ...
This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...
To nobody’s surprise, 2022 was another action-packed year for federal chief information security officers and cybersecurity teams across government. It started with the clean-up from the Log4j ...
The Log4j vulnerability continues to present a major threat to enterprise organizations one year after the Apache Software Foundation disclosed it last November — even though the number of publicly ...
SolarWinds and Log4j have made software supply chain security issues a topic of intense interest and scrutiny for businesses and governments alike. SolarWinds was a terrifying example of what can go ...
Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. In my previous blog post, I introduced the brief history of zero trust, the core pillars of a zero-trust model, and how to ...