Home Resources Blog Growing Reliance on Open Source Libraries Leaves Many Companies Vulnerable
Open Source & Code Security

Growing Reliance on Open Source Libraries Leaves Many Companies Vulnerable

Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots
03.06.2019
image 1 Min read

Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi, warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks.

Cybercriminals use trust attacks to maliciously manipulate and insert code into open source libraries, taking advantage of organizations’ dependence on them. Unsuspecting developers and site managers actively introduce malware into their own software and websites when they use a compromised OSL.

When the infected code is distributed by a legitimate developer, the resulting malicious software will be automatically trusted by its users’ computers, infecting their computers and networks.

Since trust-based attacks can infect millions of computers very quickly, it is critical that organizations increase their awareness about the risks associated with OSL security.

Read more: Help Net Security

open source security

Learn More

slider item
Open Source & Code Security
Practicing Security in Open Source Communities
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 31.05.21

Open source projects are the embodiment of the core philosophy: ‘free internet and technology for everyone around the globe’. They can be created, changed and distributed to anyone by anyone and for any purpose. Contributing to an open source projects is an endorsement of this philosophy, that promotes digital literacy in technological and non-technological communities. […]

Read more
slider item
Open Source & Code Security
SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 31.05.21

The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source […]

Read more
slider item
Open Source & Code Security
Defining Developer-first Container Security
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 31.05.21

Have you shifted left yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does not […]

Read more
Back to Resources
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo