Here's a fix for open source supply chain attacks (Security News, September 2021)
TechRepublic contributing writer Jack Wallen is correct that "Open source software has proved itself, time and time and time again, that it is business-grade for a very long time." Sonatype is also correct that supply chain attacks against popular open source software repositories jumped 650% over the last year.
Open source keeps growing in popularity, to the tune of 2.2 trillion open source packages pulled from repositories like npmjs and Maven in 2021, according to Sonatype's study.
As the report continues, the old way of exploiting open source projects was to look for publicly accessible, unpatched security holes in open source code.
Now, hackers "are taking the initiative and injecting new vulnerabilities into open source projects that feed the global supply chain, and then exploiting those vulnerabilities."
Often, they're getting that open source delivered to them as managed services, which strips away hardware and software friction, allowing developers to move at maximum speed with a minimum of constraint.
It's still early, but hopefully this widespread adoption of open source software to deliver higher-order cloud services will, in turn, lead to widespread contributions to the open source projects upon which these services depend.
Related news
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
- Blue Yonder ransomware attack disrupts grocery store supply chain
- OpenWrt orders router firmware updates after supply chain attack scare
- Update your OpenWrt router! Security issue made supply chain attack possible
- Ultralytics Supply-Chain Attack
- 390,000 WordPress accounts stolen from hackers in supply chain attack
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
- Evilginx: Open-source man-in-the-middle attack framework