A new report finds that the open source ecosystem is seeing a sharp rise in malicious packages.

A report published by the software supply chain firm Sonatype documents a dramatic increase in the number of malicious packages in the open source ecosystem. Of roughly 7 million open source projects the firm examined, about 500,000 contained a malicious package. The report argues that developers and package publishers have not placed enough emphasis on security when building and releasing packages. It also notes that patching known vulnerabilities in dependencies often takes far too long, leaving downstream users exposed to avoidable risk.

https://cyberscoop.com/open-source-security-supply-chain-sonatype/