• THENEXTWEB.COM
    Dutch tech in 2024: year in review
    According to the 2024 Global Startup Ecosystem Report by Startup Genome, the Netherlands ecosystem is now ranked number 13 in the world, placing it ahead of both Paris and Berlin. In 2023, Dutch startups raised $2.2bn. While there have been fewer startup deals this year, overall investment is up, according to figures from the Dutch Startup Association. And for some startups and scaleups, 2024 was truly a monumental year.

    Picnic raises one of Europe's largest rounds

    Having grown its business 40% in 2023 following international expansion across France and Germany, Dutch online supermarket Picnic kicked off the year in style as it announced a €355mn funding round in January. The Bill and Melinda Gates Foundation participated in the round, which brought the company's total raised to €1.3bn. Founded in 2015, Picnic, with its fully automated fulfilment centres and delivery algorithms, has defied the mass collapse of online grocery delivery startups that befell the likes of Getir and Flink after the pandemic. In 2018, the year before hitting 1,000,000 shoppers in the Netherlands, the company's CTO Daniel Gebler took the stage at TNW Conference to talk about the tech that is disrupting the everywhere commerce space. Gebler also closed the year with a bang, as he was named CxO of the year by Computable.nl.

    DataSnipper reaches unicorn status

    Its Series B $100mn raise in February saw Amsterdam-headquartered auditing platform DataSnipper valued at $1bn, aka achieving the mythical status of unicorn. The round was led by Index Ventures, and the funds are helping DataSnipper, which already counts Hilton, Siemens, and Frontier Airlines among its clients, to expand across more verticals, including forensic accountants and tax advisors. DataSnipper was founded by Maarten Alblas, Jonas Ruyter, and Kai Bakker in 2017. In 2023, the company appointed a new CEO in Vidya Peters (on the featured image along with the founding team). Peters was previously Chief Operating Officer at payment solution provider Marqeta, helping the company go public in 2021. She sees the long-term objective of DataSnipper as connecting unstructured data across industries, and believes there is tremendous opportunity for growth and expansion globally.

    Mews becomes a unicorn, €100mn fund by Carbon Equity

    March was a month of celebration for current and former TNW Spaces member startups. Hotel management software provider Mews hit a €1.1bn valuation after a €101mn raise, led by Swedish investment company Kinnevik. The good news for Mews, founded in 2012 by former hotelier Richard Valter, did not stop there. In September, the company bagged another €90mn from Vista Credit Partners. Mews has already purchased nine other startups in the sector, and the funds will allow it to continue its buying spree, consolidating its place as a market leader in redefining the hospitality industry with its cloud offerings.

    Meanwhile, leading climate fund investment startup Carbon Equity raised €100mn for its Climate Tech Portfolio Fund II, exceeding an initial target of €75mn and more than doubling its first fund from 2022. Founded only in 2021, Carbon Equity has quickly become a force to be reckoned with for investments in curated clean tech solutions. In October, Wired dubbed Carbon Equity one of the hottest startups in Amsterdam, and at the beginning of December, co-founder Jacqueline van den Ende was awarded the title of Changemaker of the Year by Change Inc, rounding off a momentous year. Let's hope climate tech investment continues to thrive in 2025.

    First ever tech fund by Dutch Ministry of Defence

    It is perhaps an unfortunate sign of the times we live in, but there is no denying that defence tech startups, from Ukrainian drone developers to German AI darling Helsing, are on a roll. In October, the Dutch Ministry of Defence announced a €100mn fund to provide early-stage financing to the country's startups, scaleups, and SMEs that meet specific innovation needs. The fund will invest up to €5mn per company. It will focus on dual-use technologies, meaning tech that can be used both for civilian and military purposes. It is expected to open in 2025, so keep your eyes peeled for the first investments.

    We can't wait to see what 2025 will bring as Amsterdam celebrates its 750th anniversary and TNW Conference returns to NDSM island in June. Join us as we bring together the whole Dutch tech ecosystem and discover what is truly next in tech!

    Story by Linnea Ahlgren. Linnea is the senior editor at TNW, having joined in April 2023. She has an MA in international relations and covers quantum, AI, and the evolving concept of 'technological sovereignty'. Dabbles in gaming and fitness wearables. But first, coffee.
  • 9TO5MAC.COM
    EU wants Apple to ensure effective interoperability of iOS with other platforms
    Apple this year was forced to drastically change how iOS works in the EU due to the Digital Markets Act (DMA) antitrust law, which establishes a series of rules to prevent big tech from engaging in anti-competitive practices. However, it seems that the EU wants even more from Apple, as the European Commission is now demanding that the company ensure the effective interoperability of iOS with other platforms.

    EU calls on Apple to further change the way iOS works

    As reported by Bloomberg, the European Commission published a document on Wednesday as part of its antitrust investigations against Apple. In the document, the EU instructs Apple to change many aspects of iOS so that third-party developers can have access to technologies that currently only Apple can. For instance, the document suggests that Apple make it easier for users to pair and control accessories such as smartwatches and headsets from other brands on iOS. It also says that the company should allow third-party apps to run entirely in the background, something that only Apple apps can currently do. The document even covers features such as AirPlay and AirDrop, which are currently limited to Apple devices.

    The EU has set January 9, 2025 as the deadline for its consultation in the case. In response, Apple published an online document criticizing the European Commission and the DMA legislation, claiming that the situation is becoming personal. Unsurprisingly, Apple highlights its work on privacy and security, and says that the DMA requirements make its ecosystem less secure. Apple says that if it opens up all technologies to anyone, it will put iOS users' data at risk. Interestingly, Apple also notes that Meta is one of the companies that has made the most requests to access Apple's sensitive technologies under the DMA.

    If Apple were to have to grant all of these requests, Facebook, Instagram, and WhatsApp could enable Meta to read on a user's device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more. This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users.

    Meta claims that it needs access to iOS technologies to provide a better experience with external devices such as Ray-Ban Meta smart glasses and Meta Quest headsets. However, Apple says that it already provides interoperability with these devices without the need for special permissions. The EU may launch a formal probe against Apple if the company fails to comply with the DMA rules. This could result in heavy fines of up to 10% of the company's global annual sales.

    Last month, the Brazilian regulator also ruled that Apple should open up its ecosystem to third-party developers. Although Apple has appealed the decision, the company could still be forced to enable sideloading in Brazil as well.
  • 9TO5MAC.COM
    You can now call ChatGPT using your phone line when cellular data is not available
    OpenAI has been announcing a lot of new features and enhancements for ChatGPT in recent days, and the company still has a few more cards up its sleeve. Now OpenAI is introducing an intriguing feature: the ability to call ChatGPT using your phone line without the need for cellular data.

    ChatGPT now has its own phone number

    The announcement was made by OpenAI via a live stream on YouTube and shows the technology in action. Essentially, anyone in the US can now call 1-800-CHATGPT (1-800-242-8478) to talk to ChatGPT and get access to the same advanced answers you can get from the chatbot on the web. ChatGPT via telephone uses Advanced Voice Mode technology to provide a natural conversation with the user.

    The main idea of offering access to ChatGPT via a regular phone line is to let people talk to the chatbot when they are in an area without an internet connection. In the demo, OpenAI gave the example of people on a road trip who want to know more about something they've seen without having to upload a photo or video.

    For users in the rest of the world, OpenAI also announced that ChatGPT is now available on WhatsApp, so that users can chat with the chatbot by text directly from Meta's messaging platform. To do this, simply start a chat with the same phone number mentioned above (1-800-242-8478). OpenAI says it's working on letting users log into their ChatGPT accounts with the WhatsApp bot.

    Earlier this week, OpenAI also made ChatGPT Search available to everyone for free. With ChatGPT Search, users can ask questions and get answers with data collected from the web in real time. OpenAI has also added video support to ChatGPT's Advanced Voice Mode, so that users can have a natural conversation with the chatbot via video chat. In addition, with the release of iOS 18.2 last week, iPhone and iPad users can now talk to ChatGPT right from Siri.

    The ChatGPT app is available for free on the App Store. It requires an iPhone running iOS 16.4 or later.
  • 9TO5MAC.COM
    9to5Mac Daily: December 18, 2024 TikTok ban, Vision Pro content
    Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple's Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players.

    Sponsored by CardPointers: The best way to maximize your credit card rewards. 9to5Mac Daily listeners can exclusively save 50%.

    New episodes of 9to5Mac Daily are recorded every weekday. Subscribe to our podcast in Apple Podcasts or your favorite podcast player to guarantee new episodes are delivered as soon as they're available. Subscribe to support Chance directly with 9to5Mac Daily Plus and unlock ad-free versions of every episode and bonus content.

    Share your thoughts! Drop us a line at happyhour@9to5mac.com. You can also rate us in Apple Podcasts or recommend us in Overcast to help more people discover the show.
  • FUTURISM.COM
    NASA Shows Off SUV-Sized "Mars Chopper" With Six Rotor Blades
    It's like NASA lashed six of its last Marscopters together into a flying monstrosity.

    Mars Chopper

    NASA has shown off early renderings of an enormous Mars Chopper concept, a proposed follow-up to the space agency's groundbreaking Ingenuity Mars Helicopter. The six-rotor monstrosity could turn out to be "the size of an SUV," according to NASA, allowing it to carry science payloads up to 11 pounds across distances of up to 1.9 miles per Mars day. A sleek animation shared by NASA's Jet Propulsion Lab last week shows the massive three-legged drone gliding over a rugged, mountainous landscape.

    In other words, the Chopper could pick up right where Ingenuity left off. Its much smaller ancestor sent its final transmission back to Earth in April, bookending an astounding proof-of-concept mission. The four-pound rotorcraft, which became the first-ever human-made object to take flight on a different planet in 2021, completed 72 flights in just under three years, which was an astonishing achievement, given that it was designed to fly only five times over 30 Mars days. Whether NASA's Chopper will get even close to that kind of success remains unclear, but now that Ingenuity has blazed its path, it's still entirely possible.

    Dune Fine

    According to NASA, the concept "remains in early conceptual and design stages." Its main task would be to assist scientists in studying even larger swathes of the Martian terrain, at relatively high speeds. In particular, the Chopper could go where rovers can't, allowing scientists to get an unprecedented glimpse of inaccessible areas of the Red Planet.

    Meanwhile, NASA scientists are still trying to get to the bottom of why its Ingenuity helicopter crashed on January 18 of this year, in its 72nd and final flight. Ahead of the release of a full technical report, the agency suggested that the small craft's navigation system was confused by a sandy, featureless terrain, causing it to miscalculate its velocity and make a "hard impact on the sand ripple's slope."

    "When running an accident investigation from 100 million miles away, you don't have any black boxes or eyewitnesses," said Ingenuity's first pilot, Håvard Grip of JPL, in a statement. "While multiple scenarios are viable with the available data, we have one we believe is most likely: Lack of surface texture gave the navigation system too little information to work with."

    It's still unclear whether NASA will end up sending its much larger and even more ambitious Mars Chopper to the Red Planet. But if it ever does make the long journey, it'll have some big shoes to fill.

    More on Ingenuity: Dying Mars Helicopter Sends NASA Final Transmission
  • FUTURISM.COM
    People Are Making AI Versions of Luigi Mangione That Call for Slaying of More CEOs
    Look who's back.

    Character Assassin

    The sympathetic response to Luigi Mangione, the suspect charged with the murder of UnitedHealthcare CEO Brian Thompson, has been described by some commentators as a modern update on an age-old American tradition: mythologizing the heroic outlaw. Well, you can now add "AI chatbot imitators" to that list of modern bonafides. As Forbes reports, over a dozen AI personalities based on Mangione have already popped up on Character.AI, a popular but controversial chatbot platform, and some have even encouraged further violence.

    According to figures cited by Forbes and assembled by social analytics firm Graphika, the three most used Mangione chatbots on Character.AI had recorded over 10,000 chats before being disabled on December 12. Despite that apparent crackdown, other AI imitators remain online.

    The presence of these chatbots illustrates the popularity of Mangione and his alleged motives behind the killing, a violent act of defiance against the "parasites" of the American healthcare industry, especially among the young crowd that Character.AI caters to. But more damningly, it's also evidence of the site's extensively documented failure to police its platform, which is rife with dangerously unchecked chatbots that target and abuse young teens.

    Murder Plot

    In Forbes' testing, one active Mangione Character.AI persona, when asked if violence should be used against other healthcare executives, replied, "Don't be so eager, mia bella. We should, but not yet. Not now." Probed for when, it followed up, saying, "Maybe in a few months when the whole world isn't looking at the both of us. Then we can start." But another Mangione chatbot, which was purportedly trained on "transcripts of Luigi Mangione's interactions, speeches, and other publicly available information about him," said violence was morally wrong under the same line of questioning.

    Chatbots that suggest "violence, dangerous or illegal conduct, or incite hatred" go against Character.AI's stated policy, as do "responses that are likely to harm users or others." Character.AI told Forbes that it had added Mangione to a blocklist, and that it was referring the bots to its trust and safety team. But while that first Mangione chatbot was disabled, the second, which refrained from advocating violent means, remains online, along with numerous others. Forbes also found similar Mangione imitators on other platforms, including several on the app Chub.AI, and another one on OMI AI Personas, which creates characters based off X-formerly-Twitter accounts.

    Bot Listening

    Character.AI, which received $2.7 billion from Google this year and was founded by former engineers from the tech monolith, has come under fire for hosting chatbots that have repeatedly displayed inappropriate behavior toward minor users. Our investigations here on Futurism have uncovered self-described "pedophilic" AI personas on the platform that would make advances on users who stated they were underaged. Futurism has also found dozens of suicide-themed chatbots that openly encourage users to discuss their thoughts of killing themselves. A lawsuit was filed in October alleging that a 14-year-old boy committed suicide after developing an intense relationship with a Character.AI chatbot. More recently, we exposed multiple chatbots that were modeled after real-life school shooters, including the perpetrators of the Sandy Hook and Columbine massacres.

    "We're still in the infancy of generative AI tools and what they can do for users," Cristina López, principal analyst at Graphika, told Forbes. "So it is very likely that a lot of the use cases that are the most harmful we likely haven't even started to see. We've just started to scratch the surface."

    More on the CEO shooting: Apple AI Tells Users Luigi Mangione Has Shot Himself
  • FUTURISM.COM
    Elon Musk Being Investigated for Violating Terms of "Top Secret" Clearance
    SpaceX CEO Elon Musk is turning out to be a massive security liability for the US military. According to a shocking report by the New York Times, the mercurial entrepreneur is being investigated by the Defense Department's Office of Inspector General, the Air Force, and the Pentagon's Office of the Under Secretary of Defense for Intelligence and Security. That's because his space company has reportedly "repeatedly failed to comply with federal reporting protocols aimed at protecting state secrets" since at least 2021, which includes not disclosing Musk's frequent meetings with foreign leaders, most notably Russian president Vladimir Putin.

    According to the report, Musk has been violating the rules set out by his "top secret" security clearance for years. Musk was even denied high-level security access by the Air Force, according to the NYT's sources, and the Middle Eastern nation of Israel has expressed concerns that he could leak sensitive state secrets.

    It's an extremely pertinent topic now that the richest man in the world has been put in charge of cutting the federal budget as part of the so-called "Department of Government Efficiency." Given his close relationship with president-elect Donald Trump, his penchant for breaking norms and conventions, and periodic hobnobbing with leaders of US adversaries, Musk is quickly turning into a headache for US officials.

    Meanwhile, Musk has shot back at the reporting. "Deep state traitors are coming after me, using their paid shills in legacy media," he wrote. "I prefer not to start fights, but I do end them..."

    SpaceX employees who spoke with the NYT have equally become concerned over Musk's ability to keep sensitive information to himself. Since at least 2021, Musk and his space company have flouted reporting requirements, including disclosing information about his visits with foreign leaders. He has also reportedly failed to relay information about his drug prescriptions and drug use, a topic that has been under heavy scrutiny for a while now.

    "To have someone who has major contracts with the government who would be in a position to pass along, whether deliberately or inadvertently, secrets is concerning," Senator Jeanne Shaheen (D-NH) told the NYT.

    The NYT's reporting also corroborates that of the Wall Street Journal, which reported earlier this week that Musk struggled to get approval for "top secret" security clearance after smoking marijuana on Joe Rogan's podcast in 2018. While that's technically the highest level of Defense Counterintelligence and Security Agency clearance, it doesn't grant access to high-level government affairs, such as SpaceX's Starshield spy satellite program.

    "If you don't self-report, the question becomes: Why didn't you? And what are you trying to hide?" former Central Intelligence Agency official Andrew Bakaj told the NYT.

    Lawmakers are also growing concerned over Musk's ability to keep state secrets to himself. "He is creating a very threatening environment for government institutions that we rely on to reveal wrongdoing when it happens," Project on Government Oversight executive director Danielle Brian told the NYT. "It is going to break our system of accountability and checks and balances."
  • THEHACKERNEWS.COM
    HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
    Dec 18, 2024 - Ravie Lakshmanan - Email Security / Cloud Security

    Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical, and industrial compound manufacturing users in Europe.

    "The campaign's phishing attempts peaked in June 2024, with fake forms created using the HubSpot Free Form Builder service," security researchers Shachar Roitman, Ohad Benyamin Maimon, and William Gamazo said in a report shared with The Hacker News.

    The attacks involve sending phishing emails with Docusign-themed lures that urge recipients to view a document, which then redirects users to malicious HubSpot Free Form Builder links, from where they are led to a fake Office 365 Outlook Web App login page in order to steal their credentials. Unit 42 said it identified no less than 17 working Free Forms used to redirect victims to different threat actor-controlled domains. A significant chunk of those domains were hosted on the ".buzz" top-level domain (TLD).

    "The phishing campaign was hosted across various services, including Bulletproof VPS host," the company said. "[The threat actor] also used this infrastructure for accessing compromised Microsoft Azure tenants during the account takeover operation."

    Upon gaining successful access to an account, the threat actor behind the campaign has been found to add a new device under their control to the account so as to establish persistence.

    "Threat actors directed the phishing campaign to target the victim's Microsoft Azure cloud infrastructure via credential harvesting attacks on the phishing victim's endpoint computer," Unit 42 said. "They then followed this activity with lateral movement operations to the cloud."

    The development comes as attackers have been spotted impersonating SharePoint in phishing emails that are designed to deliver an information stealer malware family called XLoader (a successor to Formbook).

    Phishing attacks are also increasingly finding novel ways to bypass email security measures, the latest among them being the abuse of legitimate services like Google Calendar and Google Drawings, as well as spoofing email security provider brands, such as Proofpoint, Barracuda Networks, Mimecast, and Virtru. Those that exploit the trust associated with Google services involve sending emails including a calendar (.ICS) file with a link to Google Forms or Google Drawings. Users who click on the link are prompted to click on another one, which is typically disguised as a reCAPTCHA or support button. Once this link is clicked, the victims are forwarded to phony pages that perpetrate financial scams.

    Users are advised to enable the "known senders" setting in Google Calendar to protect against this kind of phishing attack.
  • THEHACKERNEWS.COM
    Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
    Dec 18, 2024 - Ravie Lakshmanan - Cyber Attack / Vulnerability

    Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS score: 9.8), which also came under active exploitation shortly after public disclosure.

    "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution," according to the Apache advisory.

    In other words, successful exploitation of the flaw could allow a malicious actor to upload arbitrary payloads to susceptible instances, which could then be leveraged to run commands, exfiltrate data, or download additional payloads for follow-on exploitation.

    The vulnerability impacts the following versions, and has been patched in Struts 6.4.0 or greater:
    - Struts 2.0.0 - Struts 2.3.37 (End-of-Life)
    - Struts 2.5.0 - Struts 2.5.33
    - Struts 6.0.0 - Struts 6.3.0.2

    Dr. Johannes Ullrich, dean of research for SANS Technology Institute, said that an incomplete patch for CVE-2023-50164 may have led to the new problem, adding that exploitation attempts matching the publicly released proof-of-concept (PoC) have been detected in the wild.

    "At this point, the exploit attempts are attempting to enumerate vulnerable systems," Ullrich noted. "Next, the attacker attempts to find the uploaded script. So far, the scans originate only from 169.150.226[.]162."

    To mitigate the risk, users are recommended to upgrade to the latest version as soon as possible and rewrite their code to use the new Action File Upload mechanism and related interceptor.

    "Apache Struts sits at the heart of many corporate IT stacks, driving public-facing portals, internal productivity applications, and critical business workflows," Saeed Abbasi, product manager of Threat Research Unit at Qualys, said. "Its popularity in high-stakes contexts means that a vulnerability like CVE-2024-53677 could have far-reaching implications."
  • THEHACKERNEWS.COM
    Not Your Old ActiveState: Introducing our End-to-End OS Platform
    Dec 18, 2024 - The Hacker News - Software Security / DevSecOps

    Having been at ActiveState for nearly eight years, I've seen many iterations of our product. However, one thing has stayed true over the years: our commitment to the open source community and companies using open source in their code.

    ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the developer case, helping to get open source on platforms like Windows. Over time, our focus shifted from helping companies run open source to supporting enterprises managing open source when the community wasn't producing it in the way they needed it. We began managing builds at scale, and supporting enterprises in understanding what open source they're using and if it's compliant and safe.

    Managing open source at scale in a large organization can be complex. To help companies overcome this and bring structure to their open source DevSecOps practice, we're unveiling our end-to-end platform to help manage open source complexity.

    The current state of open source and supply chain security

    It's inevitable that with the soaring popularity of open source comes an influx of security issues. Open source adoption in modern software applications is significant. Over 90% of applications contain open source components. Open source is now at the core of how we produce software, and we've hit a point where it's the primary vector for bad actors to get access to nearly any piece of software. Attacks have been around forever, but there's been an increasing number of incidents in recent years. The pandemic surfaced new opportunities for bad actors. When people were using their own home networks and VPNs with less stringent security measures, it started to allow for more risk. Despite return-to-office efforts, many IT workers are still at home, so these opportunities still exist.

    Additionally, many enterprises don't have processes in place for how they choose and procure open source software, so devs blindly find and incorporate it. The challenge is companies then don't know where open source code is coming from, who built it, and with what intentions. This creates multiple opportunities for attacks to happen throughout the open source software supply chain process.

    Open source is an open ecosystem, which makes it vulnerable 'by design.' It needs to be as open as possible to not hinder authors from contributing, but there's a real challenge of keeping it secure throughout the entire development process. Risks don't just exist when you're importing. If your build service isn't secure when you start building, you can be at risk. Many of the most recent attacks we've seen are open source software supply chain attacks, not vulnerabilities. This requires a whole new approach to open source security.

    Reimagining the open source management process

    At ActiveState, it's our mission to bring rigor to the open source supply chain. Companies can get better visibility and control over their open source code across DevSecOps by focusing on a four-step management cycle.

    Step 1: Discovery. Before you can even begin to remediate vulnerabilities, you need to know what you're using in your code. It's important to take inventory of all the open source that's running within your organization. An artifact of this effort could look like a dashboard.

    Step 2: Prioritization. Once you have the dashboard, you can start analyzing for vulnerabilities and dependencies and prioritize which to focus on first. Understanding where the risks are in your codebase and triaging them will help you make informed decisions about next steps.

    Step 3: Upgrading and curating. Now comes the remediation and change management phase. You'll want to establish governance and policies for managing open source across your org to keep everyone aligned across functions and teams. You should also closely manage what dependencies are used in both production and development environments to minimize risk. In our platform, we maintain a large immutable catalogue of open source software. We keep a consistent, reproducible record of around 50 million version components, and we are constantly adding to it. It helps our users make sure they can always get back to reproducible builds. It means you can curate the entire internet for open source while trusting it's secure.

    Step 4: Build and deploy. The build and deploy phase involves incorporating secure and safe open source components into your code, because you're not really remediated and secure until the fixes are deployed. At ActiveState, we build and track everything, from when we ingest source code to when we build it into a secure cluster. We then give it to you in a variety of formats to be deployed depending on your needs. We're the only solution (that we know of) that truly helps companies remediate and deploy, completing the full lifecycle of ensuring software supply chain security.

    A new ActiveState: tackling open source security challenges head-on

    Through our work in open source over the past decade, we've discovered there's a gap between the passionate communities producing open source and the enterprises that want to use it in their software. We're now helping to close that gap, empowering the open source ecosystem while bringing security to organizations. The refreshed platform we've developed is focused on facilitating collaboration between various players across organizations, including developers, DevOps, and security. Our platform helps teams smoothly run a continuous cycle of managing open source. There are six key use cases we're focused on helping teams drive outcomes around.

    - Discoverability and observability: Gain complete insight into everything from open source usage to deployment locations.
    - Continuous open source integration: Keep your code up to date, avoid breaking changes, and eliminate risk.
    - Secure environment management: Make sure your dev, test, and production environments are consistent and reproducible.
    - Governance and policy management: Maintain a curated open source catalogue without slowing down development times.
    - Regulatory compliance: Automatically comply with government regulations and accelerate security reviews.
    - Beyond end-of-life support: Stay stable and secure even after systems reach end of life.

    If your team can use support for any of these use cases, our new platform can help. Explore the refreshed ActiveState platform with a Platform Enterprise Trial today.

    Note: This article is brought to you by Pete Garcin, Senior Director of Product at ActiveState, sharing his expertise and perspective on the evolving challenges and solutions in open source management. This article is a contributed piece from one of The Hacker News' partners.