Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Researchers find 633% increase in cyber-attacks aimed at open source repositories

Researchers warn that there has been a 633% year-over-year increase in cyber-attacks launched against open source software repositories.

Open source components, frameworks, libraries, and whole platforms are relied upon by organizations during multiple stages of the software development lifecycle. These components provide the lynchpins for communication, software capabilities, security, and user interactions – and as they are developed and reviewed by communities, open source promotes innovation in the software space.

However, the other side of the coin is that open source contributors are volunteers; therefore, security issues can sometimes slip through the net. Furthermore, IT teams may not be aware of what open source software is in use and so they might easily miss patch alerts and upgrades that impact their business.

New research suggests that cyber-attackers – well aware of organizational reliance on open source software – are increasing their attempts to compromise repositories year on year.

According to Sonatype’s 8th Annual State of the Software Supply Chain report, known attacks against open source repositories have increased by 633% year-over-year, and there has been an annual, overall increase of 742% since 2019.

After analyzing data from public and proprietary sources, the software supply chain security firm said that the popularity and growth of open source software continues to climb. The four main ecosystems – JavaJavaScript, Python, and .NET – tied to open source development are set to go beyond three trillion downloads in the near future.

However, this popularity has security ramifications.

Technical debt

“The amount of third-party code flowing through software supply chains occurs on a massive scale,” the researchers said. “Yet published code accrues technical debt over time, creating the potential for compounded security vulnerabilities, if not kept up-to-date.”

According to the researchers, 1.2 billion Java dependencies known to be vulnerable, for example, are downloaded each month while new, patched, or improved versions are ignored.

Sonatype said this is a prime example of “non-optimal consumption behaviors as the root of open source risk”.

“This is in contrast to public discussion, which often associates security risk with open source maintainers,” the report added.

Risky business

Risky behavior is not necessarily anyone’s fault. Developers tasked with managing dependencies face more complexity in their roles than ever, with the average Java application containing 148 dependencies – 20 more than 2021’s average – and going through an average ten updates a year.

Each dependency could contain vulnerabilities, so developers must track potentially thousands of changes per year, per app. Therefore, mistakes will be made.

Brian Fox, co-founder and CTO of Sonatype said that “the overwhelming tide of dependency intelligence that developers must interpret in their daily development process is at odds with prioritizing good software quality”.

It is, therefore, critical that education on the potential risk of outdated, vulnerable open source software is understood, and teams should consider adopting automation to lighten the load.

Advertisement. Scroll to continue reading.

Fox added: “[The] sobering reality demonstrates the immediate need for organizations to prioritize software supply management so that they can better deal with security risk, increase developer efficiency, and enable faster innovation.”

Source: https://portswigger.net/daily-swig/researchers-find-633-increase-in-cyber-attacks-aimed-at-open-source-repositories

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Business News

Cummins Inc. has approved its high-horsepower diesel engines across all ratings for use with unblended paraffinic fuels (EN15940), often referred to as renewable diesel,...

Business News

PT BAUER Pratama Indonesia, the Indonesian subsidiary of BAUER Spezialtiefbau GmbH, was commissioned to manufacture the retaining walls for the basement in Kota Station...

Business News

The European Anti-Fraud Office (OLAF) has put forth a recommendation to halt the €140 million renovation project for the Kostenets-Septemvri railway in Bulgaria, while...

Cyber Security

New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO