Developer Sabotages Open-Source Software Package
2022-03-21 15:22

A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software.

It constantly surprises non-technical people how much critical software depends on the whims of individual programmers who maintain software libraries inconsistently.

The term "Software Bill of Materials" or "SBOM" means a formal record containing the details and supply chain relationships of various components used in building software.

Software developers and vendors often create products by assembling existing open source and commercial software components.

An SBOM is useful to those who develop or manufacture software, those who select or purchase software, and those who operate software.

Developers often use available open source and third-party software components to create a product; an SBOM allows the builder to make sure those components are up to date and to respond quickly to new vulnerabilities.


News URL

https://www.schneier.com/blog/archives/2022/03/developer-sabotages-open-source-software-package.html