March 4, 2024, 11:53 a.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s account and update the package with malware. Consequently, the security capabilities of public software package repositories play a crucial role in securing the open-source software supply chain. OpenSSF’s efforts to improve open-source software security …

