ZDNet

More than 75% of all vulnerabilities reside in indirect dependencies

The vast majority of security vulnerabilities in open-source projects reside in indirect dependencies rather than directly and first-hand loaded components. "Aggregating the numbers from all ...
Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
Yahoo Finance

Introducing Chainguard Libraries: Guarded Java Language Dependencies Built from Source

New product line provides a catalog of the 20,000 most popular Java projects with end-to-end integrity, furthering Chainguard's mission to be the safe source for open source "Developers need a better ...

Transitioning from .NET to Java: A Technical Migration that Burdens Projects and Managers?

Many managers, when deciding to transition from .NET to Java, often carry the inherent belief that "Java's ecosystem is mature, and the talent pool is large," but overlook the essential technical ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
Hackaday

Going Native With Android’s Native Development Kit

Originally Android apps were only developed in Java, targeting the Dalvik Java Virtual Machine (JVM) and its associated ...
InfoQ

Chicory - a WebAssembly Interpreter Written Purely in Java with Zero Native Dependencies

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
TheServerSide

What is Java Development Kit (JDK)?

The Java Development Kit (JDK) is a development environment for building Java applications and applets that can then run on any Java Virtual Machine (JVM). The JDK includes a variety of development ...