Once again, attention is being drawn to the underfunding of open-source projects, especially small software libraries. They’re hard to monetize, yet many companies rely on them. This time the criticism is aimed at Google. The company could do more, but has for many years supported the projects with staff time and funding. Steven J. Vaughan-Nichols writes in »FFmpeg to Google: Fund Us or Stop Sending Bugs« for thenewstack.io ...
Ellen Nakashima, Yvonne Wingett Sanchez and Joseph Menn write in »Global hack on Microsoft product hits U.S., state agencies, researchers say« for washingtonpost.com What’s also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. Once again, a security vulnerability in Microsoft’s software was exploited. And of course: no system is completely secure. But when almost everyone uses the same software, a single flaw becomes a widespread risk. That’s exactly the case with Microsoft Office, SharePoint, or Windows. ...
Creating a Software Bill of Materials (SBOM) for container images is no longer an issue. The handy tool “syft” lets you easily generate an SBOM in your desired format. This process can also be fully automated. Installation is very simple, and running it is straightforward as well. The text was automatically translated from German into English. The German quotations were also translated in sense.