Google Upgrades Open Source Vulnerability Scanning Tool with SCA Scanning Library
In 2022 Google released a tool to easily scan for vulnerabilities in dependencies named OSV-Scanner. "Together with the open source community, we've continued to build this tool, adding remediation features," according to Google's security blog, "as well as expanding ecosystem support to 11 programming languages and 20 package manager formats... Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities..."
Thursday they also announced an extensible library for "software composition analysis" scanning (as well as file-system scanning) named OSV-SCALIBR (Open Source Vulnerability — Software Composition Analysis LIBRary). The new library "combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as:
Software composition analysis for installed packages, standalone binaries, as well as source code
OSes package scanning on Linux (COS, Debian, Ubuntu, RHEL, and much more), Windows, and Mac
Artifact and lockfile scanning in major language ecosystems (Go, Java, JavaScript, Python, Ruby, and much more)
Vulnerability scanning tools such as weak credential detectors for Linux, Windows, and Mac
Software Bill of Materials (SBOM) generation in SPDX and CycloneDX, the two most popular document formats
Optimization for on-host scanning of resource-constrained environments where performance and low resource consumption are critical
"OSV-SCALIBR is now the primary software composition analysis engine used within Google for live hosts, code repos, and containers. It's been used and tested extensively across many different products and internal tools to help generate SBOMs, find vulnerabilities, and help protect our users' data at Google scale. We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface."
Read more of this story at Slashdot.
Are 'Career Catfishers' Justified In Not Showing Up for Work?
Fortune reports 18% of workers have engaged in "career catfishing" — getting a job offer, but then refusing to show up on the first day of work.
And when someone posted Fortune's article to Reddit's antiwork subreddit, it drew 2,100 upvotes -- and another 84 comments. ("I love doing this...! This feels really great to do after a company has jerked you around, and basically said that several other people were in line ahead of you... after five interviews.")
But Fortune reports there are other sources of frustration:
At the moment, Gen Z is contending with an onerous battle to land an entry-level, full-time role. The class of 2025 is set to apply to more jobs than the graduating class prior, already submitting 24% more applications on average this past summer than seniors did last year. Furthermore, the class of 2024 applied to 64% more jobs than the cohort before them, according to job platform Handshake. To make matters all the more bleak, the number of job listings has dwindled from 2023 levels, generating deeper frenzy and more intense competition for the roles listed.
That adds up to a hiring managers' market and senior executives are playing hardball; only 12% of mid-level executives think entry-level workers are prepared to join the workforce, per a report from technology education provider General Assembly. About one in four say they wouldn't hire today's entry-level employees. Yet, that's not really the point of entry-level roles, points out Jourdan Hathaway, General Assembly's chief business officer. By definition, it's a position that requires investment in a young adult, she explained. "The entry-level employee pipeline is broken," Hathaway wrote in a statement. "Companies must rethink how they source, train, and onboard employees."
The especially competitive hiring landscape could be forcing Gen Zers to accept the first gig they can get because the job market is so dire — only to later regret it and not show up the first day.
The article also acknowledges that "employers themselves have a role in the two-way communication — or lack thereof — between hire and hirer."
Almost 80% of hiring managers admitted they've stopped responding to candidates during the application process, according to a survey of 625 hiring managers from Resume Genius.
Gen Zers say that their ghosting is in reaction to the company's behavior. More than a third of applicants who have purposefully dropped the ball say it was because a recruiter was rude to them or misled them about a position, according to Monster... In part, it's likely AI that's fueling said ghosting. AI has become more integrated into the hiring process, becoming a screener that rejects resumes without ever reaching a human person's eyes. That phenomenon possibly fuels both sides' tendency to be non-responsive...
Scientists Probe Mysterious Oxygen Source Possibly Discovered on the Sea Floor
CNN has the latest on "a startling discovery made public in July that metallic rocks were apparently producing oxygen on the Pacific Ocean's seabed, where no light can penetrate.
"Initial research suggested potato-size nodules rich in metals, predominantly found 4,000 meters (13,100 feet) below the surface in the Clarion-Clipperton Zone, released an electrical charge, splitting seawater into oxygen and hydrogen through electrolysis."
The unprecedented natural phenomenon challenges the idea that oxygen can only be made from sunlight via photosynthesis. Andrew Sweetman, a professor at the UK's Scottish Association for Marine Science who was behind the find, is embarking on a three-year project to investigate the production of "dark" oxygen further... Uncovering dark oxygen revealed just how little is known about the deep ocean, and the Clarion-Clipperton Zone, or CCZ, in particular. The region is being explored for the deep-sea mining of rare metals contained in the rock nodules. The latter are formed over millions of years, and the metals play a key role in new and green technologies...
Understanding the phenomenon better could also help space scientists find life beyond Earth, [Sweetman] added... Officials at NASA are interested in the research on dark oxygen production because it could inform scientific understanding of how life might be sustained on other planets without direct sunlight, Sweetman said. The space agency wants to run experiments to understand the amount of energy required to potentially produce oxygen at higher pressures that occur on Enceladus and Europa, the icy moons of Saturn and Jupiter, respectively, he added. Those moons are among the targets for investigating the possibility of life.
Deep-sea mining companies are aiming to mine the cobalt, nickel, copper, lithium and manganese contained in the nodules for use in solar panels, electric car batteries and other green technology. Some companies have taken issue with Sweetman's research. Critics say deep-sea mining could irrevocably damage the pristine underwater environment and that it could disrupt the way carbon is stored in the ocean, contributing to the climate crisis.
CNN's article also notes Massachusetts microbiologist Emil Ruff, who found unexpected oxygen far below the Canadian prairie in water isolated from the atmosphere for more than 40,000 years.
"Nature keeps surprising us," he said. "There are so many things that people have said, 'Oh, this is impossible,' and then later it turns out it's not."