Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi, warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks.
In a trust attack, cybercriminals manipulate open source libraries and insert malicious code into them, taking advantage of organizations’ dependence on these libraries. Unsuspecting developers and site managers then introduce malware into their own software and websites when they use a compromised OSL.
When the infected code is distributed by a legitimate developer, users’ computers automatically trust the resulting malicious software, which then infects those computers and their networks.
Since trust-based attacks can infect millions of computers very quickly, it is critical that organizations increase their awareness of the risks associated with OSL security.
Read more: Help Net Security