image credit: adobe stock
According to early data from Sonatype’s 8th annual State of the Software Supply Chain Report, an average 700% jump in cyberattacks against open source projects/repositories has been recorded over the last three years.
To capitalize on weaknesses in upstream open source ecosystems, cybercriminals continue to target organizations through open source repositories. They contribute malware-infected software components that are distributed downstream and ingested by applications that businesses and consumers rely on. Sonatype’s repository Firewall has identified more than 55,000 newly published packages as malicious in open source repositories over the past year, and nearly 95,000 over the past three years.
Comments are closed.
