0 views collected around this technical thread.
A recent security analysis reveals how a malicious contributor infiltrated the open‑source xz compression tool over two and a half years, inserted a backdoor using IFUNC hooks to compromise OpenSSH, and was eventually uncovered due to a CPU‑spike bug, highlighting severe risks for Linux and macOS systems.
This article explains how open‑source technologies drive digital transformation in finance, outlines the regulatory "Opinions" guiding secure, compliant use, and details a comprehensive open‑source security management framework—including lifecycle standards, a dedicated platform, DevOps integration, SBOM adoption, and continuous risk mitigation.
The article explores the concept of trustworthy software, outlines its five key dimensions—safety, reliability, availability, security, and resilience—and describes how Huawei Cloud DevCloud is applying these principles through its open‑source mirror services and secure development practices.