https://www.nextgov.com/cybersecurity/2019/06/report-code-responsible-equifax-breach-downloaded-21-million-times-last-year/158042/
By Jack Corrigan, Staff Correspondent, Nextgov
June 26, 2019
Digital adversaries are increasingly targeting the supply chain for open
source software to gain covert access to government and industry networks,
according to a recent report.
That said, the number of breaches tied to open source software is falling
as organizations get smarter about their IT development practices,
security researchers found.
The popularity of open source software has skyrocketed in recent years as
developers are expected to churn out more fresh tech in less time. In its
fifth annual State of the Software Supply Chain report, researchers at
Sonatype said the number of weekly downloads of the popular open source
software package Java nearly tripled in 2018, from 3.5 billion to 10
billion.
But as virtually every organization comes to rely on crowdsourced code to
run its technology, it also faces more potential cybersecurity risks. Many
open source components contain vulnerabilities, and if groups aren't
careful they could unknowingly install compromised software.
[...]