Open source malware surged by 156% in 2024
Briefly

According to Sonatype, the alarming rise of open source malware, with a reported 156% increase in malicious packages, highlights the vulnerabilities in software supply chains.
The report emphasizes that the distribution method unique to open source malware exploits gaps in dependency management: because malicious packages arrive through the same channels as legitimate dependencies, they bypass traditional security measures and target developers directly.
Sonatype's findings reveal that over 98% of identified malicious packages originate from npm, a registry optimized for speed of publishing, which inadvertently eases the entry of malicious software.
The increase in malicious open source packages, totaling 778,529 since 2019, underscores a growing trend where cybercriminals leverage open source software for their schemes.
Read at ITPro