Linux Foundation's trust scorecards aim to battle rising open-source security threats
Published on: 2025-10-09 07:05:04
Open-source code has become a malware vector. For example, by the closest of shaves, an open-source developer discovered that Jia Tan, a chief programmer and maintainer of the Linux xz data compression library, was also a hacker who'd put a backdoor in the code to enable attackers to take over Linux systems. One of the root problems? No one knew who Tan was. We still don't know.
Jim Zemlin, the Linux Foundation's executive director, addressed this fundamental problem of developer identity at the Linux Foundation Members Summit in Napa, CA. Zemlin opened his talk by saying: "Open source is now a fundamental building block of all modern computing, and hackers are paying attention. In addition, we've seen a whole bunch of new regulations around open source, such as the European Union's Cyber Resilience Act (CRA). The day when open-source software had minimal scrutiny is probably winding to a close."