AI-coded contributions? Most would rather skip the bot's work The majority of open source project maintainers are not being paid for their work, spend three times as much time on security than they did three years ago, and have become less trusting of contributors following the xz backdoor, according to open source package security firm Tidelift....

Meanwhile, the clock's ticking for the previous FOSS Redis Redis 8.2 is FOSS again, albeit under a different license, and has multiple performance enhancements. Meanwhile, Redis 7.2, the last of the old FOSS versions, is nearing its end of life. New version, or new Valkey?...

Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more Infosec in Brief As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers....