Attacks on open source repositories are becoming more and more frequent. According to recent research, cybercriminals are making money as more and more companies use open source code repositories to develop their software and solutions.

2025/04/1819:29:34 technology 1250

Attacks on open source repositories are becoming more and more frequent. According to recent research, cybercriminals are making money as more and more companies use open source code repositories to develop their software and solutions. - DayDayNews

attacks on open source repositories more and more frequently.

According to recent research, cybercriminals are making money as more and more companies use open source code repositories to develop their software and solutions. According to recent research done by Sonatype, a software supply chain management service provider, in the past three years, the frequency of infected software packages, as well as counterfeit attacks on these software platforms, typosquatting assaults and similar hacking attacks have increased significantly.

The company has discovered about 95,000 harmful packages in the past three years, and more than 55,000 dangerous packages recently released using their repository firewall. By then, this number will grow by an average of 700% in three years.

The company said that their repository firewall will continuously discover and block harmful software packages and potentially vulnerable components through converged behavioral analysis and automated policy execution. In addition, it also uses artificial intelligence to evaluate each newly released open source software to see if it poses some security risks. And the company asserts that due to the rapid increase in open source code, manual analysis has become nearly impossible.

However, this has nothing to do with whether the business contains infected malicious components in its final product. The company claims that it would be too late if those malicious components had been downloaded to their endpoints.

"The number, frequency, severity and complexity of malicious cyber attacks are growing. But enterprises cannot and should not avoid open source code just to protect themselves." Fox added: "But they can use preventive tools such as the Sonatype firewall to ensure the progress of developers and the security of the software supply chain."

via: https://www.opensourceforu.com/2022/09/attacks-on-open-source-software-are-on-the-rise/

Author: Laveesh Kocher Topic: lkxed Translator: Free Iron Ore Proofreading: wxy

This article was originally compiled by LCTT, and Linux China Honors launched

technology

This introduction Baidu gets permits for first fully driverless taxi service in China Tech giant Baidu announced Monday that it has o - DayDayNews

This introduction Baidu gets permits for first fully driverless taxi service in China Tech giant Baidu announced Monday that it has o

English reading improvement: the first batch in China! Baidu driverless taxis operates on the road

04/26 1099

Is the incident in Liu Qiangdong really settled in the misunderstanding? What responsibilities should Liu Qiangdong bear in this matter? Let’s talk about Liu Qiangdong’s “misunderstanding” again, let’s reflect on why our mainstream media does not speak out? - DayDayNews

Is the incident in Liu Qiangdong really settled in the misunderstanding? What responsibilities should Liu Qiangdong bear in this matter? Let’s talk about Liu Qiangdong’s “misunderstanding” again, let’s reflect on why our mainstream media does not speak out?

Let’s talk about Liu Qiangdong’s “misunderstanding” again, and reflect on why our mainstream media does not speak out

04/26 1240

This is a browser extension for sniffing, analyzing web page pictures and providing batch downloads and other functions. It supports online collection, search and sharing services. It can process web pages and local pictures. The extension address is shown in the original link, s - DayDayNews

This is a browser extension for sniffing, analyzing web page pictures and providing batch downloads and other functions. It supports online collection, search and sharing services. It can process web pages and local pictures. The extension address is shown in the original link, s

Download web pictures in batches without saving them one by one

04/26 1357

Power plant boiler Utility boiler for steam supply to steam turbine generator sets in thermal power plants. Including boiler body and supporting auxiliary machines. After the fuel is burned in the furnace of the boiler, heat transfer is transferred through the metal wall to conve - DayDayNews

Power plant boiler Utility boiler for steam supply to steam turbine generator sets in thermal power plants. Including boiler body and supporting auxiliary machines. After the fuel is burned in the furnace of the boiler, heat transfer is transferred through the metal wall to conve

Reading Notes on "China Encyclopedia (2nd Edition)" 9250-Power Station Boiler

04/26 1164

Lan Ge Zhiyang International Marketing Consulting Agency Yu Fei is approaching, and Ren Zhengfei has already "transmitted the cold to everyone"! Some new "digital hot words" such as Internet communities, Internet traffic pools, precipitation of private domain traffic... have caus - DayDayNews

Lan Ge Zhiyang International Marketing Consulting Agency Yu Fei is approaching, and Ren Zhengfei has already "transmitted the cold to everyone"! Some new "digital hot words" such as Internet communities, Internet traffic pools, precipitation of private domain traffic... have caus

Teacher Yu Fei talked about: How can small and medium-sized enterprises use private domain traffic to operate users to break the market?

04/26 1585

This year, new phones are released in large numbers, but from the perspective of cost-effectiveness, the Motorola and Redmi K series are favored by people. Now users' eyes are indeed very bright, and you can know that it has not been truly good at quality and low prices at a glan - DayDayNews

This year, new phones are released in large numbers, but from the perspective of cost-effectiveness, the Motorola and Redmi K series are favored by people. Now users' eyes are indeed very bright, and you can know that it has not been truly good at quality and low prices at a glan

Motorola edge X40 does enough homework, 1TB+5500mAh battery, hardcore enough

04/26 1451

Xiaomi Technology released its first 200 million pixel smartphone, Xiaomi 12T Pro, yesterday. Before that, moto released the world's first 200 million pixel smartphone, the moto X30 Pro, with a starting price of 3,499 yuan; Xiaomi 12T Pro and moto X30 Pro both use Samsung HP1 mai - DayDayNews

Xiaomi Technology released its first 200 million pixel smartphone, Xiaomi 12T Pro, yesterday. Before that, moto released the world's first 200 million pixel smartphone, the moto X30 Pro, with a starting price of 3,499 yuan; Xiaomi 12T Pro and moto X30 Pro both use Samsung HP1 mai

The first 200 million pixel Xiaomi phone is released! Equipped with Snapdragon 8+, the starting price is over 5,000 yuan?

04/26 1238

1. MEMS microphone review Electroacoustic transducers are devices that convert electrical signals into sound signals. Depending on the purpose, devices with small output power and listening near the human ear are generally called telephone receivers in the electroacoustic industr - DayDayNews

1. MEMS microphone review Electroacoustic transducers are devices that convert electrical signals into sound signals. Depending on the purpose, devices with small output power and listening near the human ear are generally called telephone receivers in the electroacoustic industr

MEMS microphone: multi-field drive, gradually realizing domestic replacement "picture"

04/26 1676

The following set of data can be said to be closely related to the business of physical store owners. As of June 2022, the number of Internet users in my country reached 1.051 billion, the number of short video users was 962 million, and the average number of individuals was onli - DayDayNews

The following set of data can be said to be closely related to the business of physical store owners. As of June 2022, the number of Internet users in my country reached 1.051 billion, the number of short video users was 962 million, and the average number of individuals was onli

Li Qixi: In the next three to five years, physical bosses will regard making Douyin as a strategy - physical stores Douyin in the same city

04/26 1567

According to Auganix, Epic Games and Autodesk, Inc. reached a strategic partnership to accelerate cross-industry immersive real-time 3D experiences, initially focusing on the construction, engineering and construction (AEC). - DayDayNews

According to Auganix, Epic Games and Autodesk, Inc. reached a strategic partnership to accelerate cross-industry immersive real-time 3D experiences, initially focusing on the construction, engineering and construction (AEC).

Epic Games and Autodesk reach strategic partnership to accelerate cross-industry immersive real-time 3D experience

04/26 1275