A recent report discloses a 633% year-over-year increase in cyber-attacks on open-source repositories. This sharp rise goes hand in hand with the boom in enterprise adoption of open-source repos.

Recent findings

New research by Sonatype suggests that the massive use of open-source repos has made them an attractive target for cyber adversaries.
  • The most downloaded open-source ecosystems are Java (Maven), JavaScript (npm), Python (PyPI), and .NET (NuGet). The combined download volume of these four ecosystems is projected to exceed 3 trillion downloads.
  • The report states that 1.2 billion vulnerable Java dependencies are still being downloaded each month, even though newer, patched versions of those components are available and are being ignored by users.
  • About 6 out of every 7 project vulnerabilities come from transitive dependencies (packages pulled in indirectly by the ones a project declares), and about 96% of known-vulnerable open-source downloads are avoidable because a fixed version already exists.

The landscape of open-source threats

The popularity and growth of open-source repos have security ramifications as well.
  • Known attacks against open-source repositories have increased by 633% year-over-year, and since 2019 they have grown at an average of 742% per year.
  • Recent exploitation of the open-source ecosystem, from Log4j to cryptocurrency heists tied to open-source repositories, has further highlighted the general risks of software supply chain security.
  • Moreover, rising cyberattacks against widely deployed open-source products such as Apache HTTP Server highlight the growing exposure of enterprises that depend on open-source software.

Security tips

Organizations using open-source software should prioritize the security of their software development process to address the risk of shipping outdated and vulnerable dependencies. They should not rely on upstream alone: each organization must evaluate and test the components it pulls in, including transitive dependencies, and keep them on patched versions. Open-source developers, for their part, should follow secure-coding best practices to better protect their projects.
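The evaluation step above is where the report's two numbers (most vulnerabilities arrive transitively, most vulnerable downloads have a fix available) become actionable. The script below is an added example, not code from the article or from Sonatype: it walks a resolved dependency graph breadth-first, matches each package against an advisory list, and reports whether the hit is direct or transitive, the path that pulled it in, and whether a fixed version exists. The dependency graph, package names, version numbers and advisory identifiers are all constructed for illustration; real tooling would read them from a lockfile and a vulnerability database.

```python
"""Flag known-vulnerable packages in a resolved dependency graph, direct or transitive.

Added example. The graph and advisory list below are constructed for illustration
and do not come from the Sonatype report or any real ecosystem.
"""
from collections import deque


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def coordinates(node):
    """Split 'name@version' into ('name', 'version')."""
    name, _, version = node.rpartition("@")
    return name, version


# Constructed dependency graph: each key lists the packages it requires.
# 'app' is the project; everything else is a pinned third-party package.
DEPENDENCY_GRAPH = {
    "app": ["web-framework@2.1.0", "json-tools@1.4.2", "old-crypto@0.9.8"],
    "web-framework@2.1.0": ["log-lib@2.14.1", "template-engine@3.0.0"],
    "template-engine@3.0.0": ["log-lib@2.14.1", "text-utils@1.0.0"],
    "json-tools@1.4.2": ["yaml-parser@5.3.1"],
    "yaml-parser@5.3.1": ["text-utils@1.0.0"],
    "old-crypto@0.9.8": [],
    "log-lib@2.14.1": [],
    "text-utils@1.0.0": [],
}

# Constructed advisory feed: versions below 'affected_below' are vulnerable;
# 'fixed' is the first patched version, or None if no fix has been published.
# The identifiers are placeholders, not real CVE or GHSA ids.
ADVISORIES = {
    "log-lib":     {"id": "EXAMPLE-ADV-1", "affected_below": "2.15.0", "fixed": "2.15.0"},
    "yaml-parser": {"id": "EXAMPLE-ADV-2", "affected_below": "5.4.0", "fixed": "5.4.0"},
    "old-crypto":  {"id": "EXAMPLE-ADV-3", "affected_below": "1.0.0", "fixed": None},
}


def audit(graph, advisories, root="app"):
    """Breadth-first walk from root; report each vulnerable package once, together
    with the shortest path that pulls it in, so transitive exposure is visible."""
    findings = []
    seen = {root}
    queue = deque([(root, [])])
    while queue:
        node, path = queue.popleft()
        for dep in graph.get(node, []):
            if dep in seen:
                continue
            seen.add(dep)
            dep_path = path + [dep]
            name, version = coordinates(dep)
            adv = advisories.get(name)
            if adv and parse_version(version) < parse_version(adv["affected_below"]):
                findings.append({
                    "package": dep,
                    "advisory": adv["id"],
                    "transitive": len(dep_path) > 1,  # not declared directly by root
                    "via": " -> ".join(dep_path),
                    "fixed_version": adv["fixed"],
                    "avoidable": adv["fixed"] is not None,
                })
            queue.append((dep, dep_path))
    return findings


def summarize(findings):
    """The counts the report cares about: how many hits are transitive, how many avoidable."""
    return {
        "total": len(findings),
        "transitive": sum(1 for f in findings if f["transitive"]),
        "avoidable": sum(1 for f in findings if f["avoidable"]),
    }


if __name__ == "__main__":
    results = audit(DEPENDENCY_GRAPH, ADVISORIES)
    for f in results:
        kind = "transitive" if f["transitive"] else "direct"
        fix = f"upgrade to {f['fixed_version']}" if f["avoidable"] else "no fix published"
        print(f"{f['package']:22} {f['advisory']:14} {kind:10} via {f['via']}; {fix}")
    print(summarize(results))
```

On the constructed data the walk reports three hits: one direct package with no published fix, and two transitive ones reached through a framework and a JSON library, both of which have a patched version available. The "via" path is what makes the transitive case fixable in practice: the upgrade has to happen in the declared dependency (or via a version override), not in the vulnerable package the project never named.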
Cyware Publisher