images
figures
Blog

Growing Reliance on Open Source Libraries Leaves Many Companies Vulnerable

Steven Puddephatt
03.06.2019
image 1 Min read
Open Source & Code Security

Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi, warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks.

Cybercriminals use trust attacks to maliciously manipulate and insert code into open source libraries, taking advantage of organizations’ dependence on them. Unsuspecting developers and site managers actively introduce malware into their own software and websites when they use a compromised OSL.

When the infected code is distributed by a legitimate developer, the resulting malicious software will be automatically trusted by its users’ computers, infecting their computers and networks.

Since trust-based attacks can infect millions of computers very quickly, it is critical that organizations increase their awareness about the risks associated with OSL security.

Read more: Help Net Security

Comments

0 comments

There’s more to see

slider item
Open Source & Code Security

Demo: Inside Snyk’s Open Source Security

Steven Puddephatt 11.10.21

Open source code is only as safe & reliable as your ability to scan it. Dependencies don’t only jam production – they might also pose real security risks. This is what makes an automated Open Source Security solution so vital to your cloud security stack. In this demo, our solution architect Steven Puddephatt will walk […]

Read more
slider item
Open Source & Code Security

Report: State of CNAS, Q2 2021

Admin Globaldots 16.06.21

As companies embrace cloud native technologies as part of their digital transformation, security becomes key to delivering software products faster and error-free. This latest survey by Snyk: Evaluates the latest cloud-native development trends. Demonstrates how Cloud Native App Security (CNAS) fits into CI/CD. Reveals what still keeps some companies from moving to cloud-native platforms.  Fill […]

Read more
slider item
Open Source & Code Security

Practicing Security in Open Source Communities

Guest Writer 31.05.21

Open source projects are the embodiment of the core philosophy: ‘free internet and technology for everyone around the globe’. They can be created, changed and distributed to anyone by anyone and for any purpose. Contributing to an open source projects is an endorsement of this philosophy, that promotes digital literacy in technological and non-technological communities. […]

Read more

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us
figure figure figure figure figure