"The Root Cause of Open-Source Risk"
2023 saw double the total number of software supply chain attacks recorded in 2019-2022 combined. In 2023, Sonatype logged 245,032 malicious packages. One out of every eight open-source downloads now contains known and avoidable risks. Almost all of these vulnerabilities (96 percent) can still be prevented. In 2023, 2.1 billion open-source software (OSS) downloads with known vulnerabilities could have been avoided because a better, patched version was already available. Suboptimal open-source consumption habits are the primary cause of open-source risk. This article continues to discuss the root cause of open-source risk, how vulnerabilities can still be prevented, and the disconnect between perceived security and reality.
Help Net Security reports "The Root Cause of Open-Source Risk"
Submitted by grigby1