"The Root Cause of Open-Source Risk"
2023 saw twice as many software supply chain attacks as the years 2019-2022 combined. In 2023, Sonatype logged 245,032 malicious packages. One out of every eight open-source downloads now carries a known, avoidable risk, and almost all of these vulnerabilities (96 percent) are still preventable. In 2023, 2.1 billion open-source software (OSS) downloads with known vulnerabilities could have been avoided, because a better, patched version of the component was already available. Poor open-source consumption habits, that is, continuing to pull vulnerable versions when fixed ones exist, are the primary cause of open-source risk.