Whether directly or indirectly, nearly all organizations depend on software created by the open-source community. In fact, an incredible 97% of applications incorporate open-source code, and 90% of organizations say they are using it in some way.
Still, as evidenced by Log4j and the SUNBURST/SolarWinds attack (and many others), open source can be rife with security vulnerabilities. According to Gartner, 89% of companies experienced a supplier risk event in the past five years, and Argon Security reports that software supply chain attacks grew by more than 300% between 2020 and 2021.
The work of the open-source community is used in almost every software product, so securing it and protecting the community has a big impact, said Mariam Sulakian, senior product manager at GitHub. Vulnerabilities in open-source code can have a global ripple effect across the millions of people and services that rely on it.
The leading hosting service offers several capabilities to help address this problem, and today announced expansions to two of them: GitHub's secret scanning alerts are now available for free on all public repositories, and its push protection feature is now offered for custom secret patterns. Both capabilities are now in public beta.
As the largest open-source community in the world, GitHub is always working to make using and contributing to open source easier, said Sulakian. We give away our most advanced security tools for free on public repositories to help keep open source secure, and to keep those building it safe.
Exposed secrets and credentials are the most common cause of data breaches, as they often go untracked. And, they can take an average of 327 days to identify.
Malicious actors often target leaked secrets and credentials as starting points for larger attacks, like ransomware and phishing campaigns, said Sulakian.
And, GitHub partners with more than 100 service providers to quickly remediate many exposed secrets through its secret scanning partner program.
For instance, in 2022, the hosting service detected and notified on more than 1.7 million exposed secrets across public repositories. Breaking that down to daily numbers, GitHub finds more than 4,500 potential secrets leaked in public repositories.
Now, GitHub will empower open-source developers with these alerts too, and for free. Once enabled, GitHub directly notifies developers of leaked secrets in code. This enables them to easily track alerts, identify the leak's source, and take action. For example, a user can receive an alert and track remediation for a leaked self-hosted HashiCorp Vault key, said Sulakian.
Secret scanning for public repositories will help millions of developers avoid exposing their credentials and passwords by accident, she said.
The gradual public beta rollout of secret scanning for public repositories began today and the feature should be available to all users by the end of January 2023.
With secret scanning, we found a ton of important things to address, said David Ross, staff security engineer with Postmates. On the appsec side, it's often the best way for us to get visibility into issues in the code.
Similarly, businesses often have their own unique set of secrets that they want to detect when exposed and protect before exposure, Sulakian explained.
With custom patterns, organizations scan for passwords in connection strings, private keys, and URLs that have embedded credentials (among other instances) across thousands of their repositories.
But remediation takes time and significant resources, said Sulakian.
To address this problem, GitHub introduced push protection to GitHub Advanced Security (GHAS) customers in April 2022. This capability seeks to proactively prevent leaks by scanning for secrets before they are committed.
In the eight months since that release, GitHub has prevented more than 8,000 secret leaks across 100 secret types, said Sulakian. With the enhanced capabilities announced today, organizations with GHAS have additional coverage for what are often their most important secret patterns: those customized and defined internally to their organizations.
With push protection, businesses can prevent accidental leaks of the most critical secrets, said Sulakian.
Push protection for custom patterns can be configured on a pattern-by-pattern basis at the organization or repository level, Sulakian explained. With the capability enabled, GitHub will enforce blocks when contributors try to push code that contains matches to the defined pattern. Organizations can decide what patterns to push-protect based on false positives.
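The passage above describes custom patterns (passwords in connection strings, URLs with embedded credentials, private keys) and push protection that blocks a push when staged content matches a protected pattern, with patterns chosen according to their false-positive rate. The following is an added illustration of that flow, not GitHub's code or its actual pattern syntax: it scans the files in a constructed push against hypothetical regex patterns, honors a constructed allowlist marker as a stand-in for false-positive tuning, blocks only on the patterns the organization has opted to protect, and redacts the matched secret so the alert itself does not leak it.

```python
"""Added example (not GitHub's code): a minimal push-protection style check.

Each custom pattern is a name plus a regular expression. A push is blocked
when any changed file matches a pattern the organization has chosen to
protect, unless the matching line carries an allowlist marker. Pattern
names, the marker and all sample files below are constructed for this
example.
"""
import re
from dataclasses import dataclass

# Hypothetical custom patterns an organization might define.
CUSTOM_PATTERNS = {
    # password=... or pwd=... inside a connection string
    "connection-string-password": re.compile(
        r"(?i)\b(?:password|pwd)\s*=\s*([^;\s\"']+)"),
    # scheme://user:secret@host (credential embedded in a URL)
    "url-embedded-credential": re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]+)@"),
    # PEM private key header
    "private-key-block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}

# Constructed marker for documentation lines that are known false positives.
ALLOWLIST_MARKER = "secret-scan: ignore"


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    pattern: str
    excerpt: str  # the offending line with the secret redacted


def scan_text(path, text, patterns=CUSTOM_PATTERNS):
    """Return a Finding for every line of `text` that matches a pattern."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue  # explicitly allowlisted false positive
        for name, regex in patterns.items():
            m = regex.search(line)
            if not m:
                continue
            # Redact only the captured secret when the pattern has a group,
            # otherwise the whole match (e.g. a key header).
            start, end = (m.span(1) if m.lastindex else m.span())
            excerpt = line[:start] + "[REDACTED]" + line[end:]
            findings.append(Finding(path, line_no, name, excerpt.strip()))
    return findings


def check_push(changed_files, protected_patterns):
    """Decide whether a push may proceed.

    changed_files: mapping of path -> file content in the push.
    protected_patterns: names of patterns that should block (others only
    alert, mirroring per-pattern enablement).
    Returns (allowed, blocking_findings).
    """
    blocking = []
    for path, text in changed_files.items():
        for finding in scan_text(path, text):
            if finding.pattern in protected_patterns:
                blocking.append(finding)
    return (len(blocking) == 0, blocking)


# Constructed sample of files in a push.
SAMPLE_PUSH = {
    "config/db.ini": "host=db.internal\nuser=app\npassword=Tr0ub4dor&3\n",
    "scripts/sync.sh": "curl https://deploy:hunter2@artifacts.example.test/x\n",
    "docs/examples.md": "conn: Server=x;Password=dummy;  # secret-scan: ignore\n",
    "keys/id_rsa": ("-----BEGIN OPENSSH PRIVATE KEY-----\nabc\n"
                    "-----END OPENSSH PRIVATE KEY-----\n"),
}

if __name__ == "__main__":
    allowed, findings = check_push(SAMPLE_PUSH, set(CUSTOM_PATTERNS))
    print("push allowed:", allowed)
    for f in findings:
        print(f"  {f.path}:{f.line_no} [{f.pattern}] {f.excerpt}")
```

Running the block blocks the constructed push on three findings (the INI password, the URL credential and the key header) and skips the allowlisted documentation line; passing only `{"private-key-block"}` as the protected set lets the first two through as alerts and blocks on the key alone, which is the per-pattern trade-off the article describes.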
Integrating this capability into a developer's flow saves time and helps educate on best practices, said David Florey, software engineering director at Intel.
If I attempt to push a secret, I immediately know it, he said.
The GitHub tool stops him before a secret is pushed into the codebase, he said; whereas, if he relied solely on external scanning tools to scan the repository after the secret's already been exposed, I'll need to quickly revoke the secret and refactor my code.
With threat actors increasingly targeting leaked secrets and credentials, GitHub customers are investing more resources to secure their growingly complex software supply chain, said Sulakian.
Organizations constantly seek to detect and fix vulnerabilities earlier in the software lifecycle to improve overall security, save costs related to reactive work by appsec teams, and minimize damage, said Sulakian.
GitHub helps application security teams rapidly identify and remediate the vulnerabilities in users' code, she said. The company has developed its tools, many of them free, to integrate directly into developer workflows to enable more secure, faster coding. Recently, it also introduced private vulnerability reporting to help organizations easily disclose vulnerabilities and communicate with maintainers.
Our philosophy is to make all our advanced security features available for free on public repositories, said Sulakian.
Ultimately, she maintained, as the home for open source and 94-plus million developers, GitHub can advance the state of software security more than any other team or platform.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact.
Read the original post:
Open-source code is everywhere; GitHub expands security tools to help ...
Swift
Swift is a powerful and intuitive programming language designed to give developers the freedom and capabilities they need to create a new generation of cutting-edge apps. Swift is easy to learn and use, and it's open source, so anyone with an idea can create something incredible.
WebKit, the open source rendering engine introduced by Apple, powers Safari on macOS and iOS. WebKit features blazing performance and extensive standards support. And because it's open source, developers can examine WebKit code and contribute to the community.
The Password Manager Resources open source project allows you to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords. The project also contains collections of websites known to share a sign-in system, links to websites pages where users change passwords, and more.
ResearchKit is an open source framework that enables an iOS app to become a powerful tool for medical research. It includes a variety of customizable modules that you can build upon and share with the community.
CareKit is an open source framework for developing apps that help people better understand and manage their health by creating dynamic care plans, tracking symptoms, connecting to care teams, and more.
Bonjour enables automatic discovery of devices and services on a local network using industry standard IP protocols. It makes it easy to discover, publish, and resolve network services with a sophisticated, yet easy-to-use, programming interface.
macOS combines a proven UNIX foundation with the easy-to-use Mac interface to bring industrial-strength computing to the desktop.
Here is the original post:
Open Source - Apple Developer
Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
Examples of behavior that contributes to creating a positive environment include:
Examples of unacceptable behavior by participants include:
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
This Code of Conduct applies within all project spaces, and it also applies when an individual is representing the project or its community in public spaces. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
This Code of Conduct also applies outside the project spaces when there is a reasonable belief that an individual's behavior may have a negative impact on the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at opensource-conduct@fb.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
Why do I need a code of conduct?
A code of conduct is a document that establishes expectations for behavior for your project's participants. Adopting, and enforcing, a code of conduct can help create a positive social atmosphere for your community.
Codes of conduct help protect not just your participants, but yourself. If you maintain a project, you may find that unproductive attitudes from other participants can make you feel drained or unhappy about your work over time.
A code of conduct empowers you to facilitate healthy, constructive community behavior. Being proactive reduces the likelihood that you, or others, will become fatigued with your project, and helps you take action when someone does something you don't agree with.
Try to establish a code of conduct as early as possible: ideally, when you first create your project.
In addition to communicating your expectations, a code of conduct describes the following:
Wherever you can, use prior art. The Contributor Covenant is a drop-in code of conduct that is used by over 40,000 open source projects, including Kubernetes, Rails, and Swift.
The Django Code of Conduct and the Citizen Code of Conduct are also two good code of conduct examples.
Place a CODE_OF_CONDUCT file in your project's root directory, and make it visible to your community by linking it from your CONTRIBUTING or README file.
A code of conduct that isn't (or can't be) enforced is worse than no code of conduct at all: it sends the message that the values in the code of conduct aren't actually important or respected in your community.
Ada Initiative
You should explain how your code of conduct will be enforced before a violation occurs. There are several reasons to do so:
It demonstrates that you are serious about taking action when it's needed.
Your community will feel more reassured that complaints actually get reviewed.
You'll reassure your community that the review process is fair and transparent, should they ever find themselves investigated for a violation.
You should give people a private way (such as an email address) to report a code of conduct violation and explain who receives that report. It could be a maintainer, a group of maintainers, or a code of conduct working group.
Don't forget that someone might want to report a violation about a person who receives those reports. In this case, give them an option to report violations to someone else. For example, @ctb and @mr-c explain on their project, khmer:
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by emailing khmer-project@idyll.org which only goes to C. Titus Brown and Michael R. Crusoe. To report an issue involving either of them please email Judi Brown Clarke, Ph.D. the Diversity Director at the BEACON Center for the Study of Evolution in Action, an NSF Center for Science and Technology.
For inspiration, check out Django's enforcement manual (though you may not need something this comprehensive, depending on the size of your project).
Sometimes, despite your best efforts, somebody will do something that violates this code. There are several ways to address negative or harmful behavior when it comes up.
Treat each community member's voice as important as your own. If you receive a report that someone violated the code of conduct, take it seriously and investigate the matter, even if it does not match your own experience with that person. Doing so signals to your community that you value their perspective and trust their judgment.
The community member in question may be a repeat offender who consistently makes others feel uncomfortable, or they may have only said or done something once. Both can be grounds for taking action, depending on context.
Before you respond, give yourself time to understand what happened. Read through the person's past comments and conversations to better understand who they are and why they might have acted in such a way. Try to gather perspectives other than your own about this person and their behavior.
Don't get pulled into an argument. Don't get sidetracked into dealing with someone else's behavior before you've finished dealing with the matter at hand. Focus on what you need.
Stephanie Zvan, So You've Got Yourself a Policy. Now What?
After gathering and processing sufficient information, you'll need to decide what to do. As you consider your next steps, remember that your goal as a moderator is to foster a safe, respectful, and collaborative environment. Consider not only how to deal with the situation in question, but how your response will affect the rest of your community's behavior and expectations moving forward.
When somebody reports a code of conduct violation, it is your, not their, job to handle it. Sometimes, the reporter is disclosing information at great risk to their career, reputation, or physical safety. Forcing them to confront their harasser could put the reporter in a compromising position. You should handle direct communication with the person in question, unless the reporter explicitly requests otherwise.
There are a few ways you might respond to a code of conduct violation:
Give the person in question a public warning and explain how their behavior negatively impacted others, preferably in the channel where it occurred. Where possible, public communication conveys to the rest of the community that you take the code of conduct seriously. Be kind, but firm in your communication.
Privately reach out to the person in question to explain how their behavior negatively impacted others. You may want to use a private communication channel if the situation involves sensitive personal information. If you communicate with someone privately, it's a good idea to CC those who first reported the situation, so they know you took action. Ask the reporting person for consent before CCing them.
Sometimes, a resolution cannot be reached. The person in question may become aggressive or hostile when confronted or does not change their behavior. In this situation, you may want to consider taking stronger action. For example:
Suspend the person in question from the project, enforced through a temporary ban on participating in any aspect of the project
Permanently ban the person from the project
Banning members should not be taken lightly and represents a permanent and irreconcilable difference of perspectives. You should only take these measures when it is clear that a resolution cannot be reached.
A code of conduct is not a law that is enforced arbitrarily. You are the enforcer of the code of conduct and it's your responsibility to follow the rules that the code of conduct establishes.
As a maintainer you establish the guidelines for your community and enforce those guidelines according to the rules set forth in your code of conduct. This means taking any report of a code of conduct violation seriously. The reporter is owed a thorough and fair review of their complaint. If you determine that the behavior that they reported is not a violation, communicate that clearly to them and explain why you're not going to take action on it. What they do with that is up to them: tolerate the behavior that they had an issue with, or stop participating in the community.
A report of behavior that doesn't technically violate the code of conduct may still indicate that there is a problem in your community, and you should investigate this potential problem and act accordingly. This may include revising your code of conduct to clarify acceptable behavior and/or talking to the person whose behavior was reported and telling them that while they did not violate the code of conduct, they are skirting the edge of what is expected and are making certain participants feel uncomfortable.
In the end, as a maintainer, you set and enforce the standards for acceptable behavior. You have the ability to shape the community values of the project, and participants expect you to enforce those values in a fair and even-handed way.
When a project seems hostile or unwelcoming, even if it's just one person whose behavior is tolerated by others, you risk losing many more contributors, some of whom you may never even meet. It's not always easy to adopt or enforce a code of conduct, but fostering a welcoming environment will help your community grow.