Open source projects under attack, with enterprises as the ultimate targets

2022-09-27 03:30

Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects.

To capitalize on weaknesses in upstream open source ecosystems, cybercriminals continue to target organizations through open source repositories.

Sonatype's repository Firewall has identified more than 55,000 newly published packages as malicious in open source repositories over the past year, and nearly 95,000 over the past three years.

"Almost every modern business relies on open source. Clearly, the use of open source repositories as an entry point for malicious attacks shows no signs of slowing down-making the early detection of both known and unknown security vulnerabilities more important than ever," said Brian Fox, CTO of Sonatype.

The scale of open source malware attacks is so great that it'd be humanly impossible to detect and prevent every single attack in real time.

"The volume, frequency, severity, and sophistication of malicious cyberattacks continue to increase. Organizations can't-and shouldn't-avoid the use of open source just to protect themselves," Fox added.

News URL

https://www.helpnetsecurity.com/2022/09/27/open-source-projects-cyberattacks/

#attack #opensource

News URL

Related news