Open source cyberattacks increasing by 650%, popular projects more vulnerable

2021-09-17 05:00

Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions.

Open source supply, demand, and security dynamics Supply increased 20%. The top four open source ecosystems now contain a combined 37,451,682 different versions of components.

Despite a huge available supply of open source projects, utilization is concentrated in a surprisingly small number of popular projects.

Empirical metrics to identify the best open source projects Projects with a faster mean time to update are more secure.

Popular open source projects were 2.8 times more likely to contain vulnerabilities.

"While developer demand for open source continues to grow exponentially, our research shows for the first time just how little of the overall supply is actually being utilized. Further, we now know that popular projects contain disproportionately more vulnerabilities. This stark reality highlights both a critical responsibility, and opportunity, for engineering leaders to embrace intelligent automation so they can standardize on the best open source suppliers and simultaneously help developers keep third-party libraries fresh and up to date with optimal versions."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/wwmbfXh0PEI/

#cyberattack #opensource