The root cause of open-source risk
Help Net Security www.helpnetsecurity.com
2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks.

Vulnerabilities can still be prevented

Nearly all (96%) vulnerabilities are still avoidable. 2.1 billion OSS downloads with known vulnerabilities in 2023 could have been avoided because a better, fixed version was available – the exact same percentage as in 2022. For every non-optimal component upgrade …