Supply chain attacks aimed at upstream public open source repositories have increased by 650% year on year, according to a new report.
Interestingly, despite the danger, security company Sonatype's seventh annual State of the Software Supply Chain report also notes a strong increase in both demand for and supply of open source software.
“This year’s Software Supply Chain Report shows how open source is an important fuel for digital innovation and is a key target for software supply chain attacks,” said Matt Howard, EVP of Sonatype.
Popular projects are more vulnerable.
The report notes that demand for open source software increased by 73% in 2021, with developers expected to download 2.2 trillion open source packages from the top four ecosystems.
Sonatype's analysis reveals that the top four open source ecosystems now contain a total of 37,451,682 component versions, a 20% increase over the previous year.
However, the security company points to a shocking increase in attacks “aimed at exploiting vulnerabilities in the open source ecosystem.”
A breakdown of the threats revealed that popular projects were more vulnerable, with 29% of them containing at least one known security vulnerability.
For less popular project versions, that number drops to 6.5 percent. Sonatype sees this as a sign that security researchers (black hat and white hat alike) focus their efforts on the most used projects.
Sonatype's research is not the first to highlight the critical need to secure open source software supply chains. Veracode reached a similar conclusion earlier this year, based on an analysis of 13 million scans of more than 86,000 repositories, covering more than 301,000 unique open source libraries.
Last year, the Linux Foundation, together with Microsoft, GitHub, Google, IBM, Red Hat and JPMorgan, among others, created the Open Source Security Foundation (OpenSSF) with the goal of improving open source security. Earlier this year, the group announced the Scorecard project to help clean up the open source software supply chain.