Information Security News mailing list archives
Report: Code Responsible for Equifax Breach Downloaded 21 Million Times Last Year
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 27 Jun 2019 08:06:58 +0000 (UTC)
https://www.nextgov.com/cybersecurity/2019/06/report-code-responsible-equifax-breach-downloaded-21-million-times-last-year/158042/

By Jack Corrigan, Staff Correspondent
Nextgov
June 26, 2019

Digital adversaries are increasingly targeting the supply chain for open source software to gain covert access to government and industry networks, according to a recent report.
That said, the number of breaches tied to open source software is falling as organizations get smarter about their IT development practices, security researchers found.
The popularity of open source software has skyrocketed in recent years as developers are expected to churn out more fresh tech in less time. In its fifth annual State of the Software Supply Chain report, researchers at Sonatype said the number of weekly downloads of the popular open source software package Java nearly tripled in 2018, from 3.5 billion to 10 billion.
But as virtually every organization comes to rely on crowdsourced code to run their tech, they also face more potential cybersecurity risks. Many open source components contain vulnerabilities, and if groups aren’t careful they could unknowingly install compromised software.
[...]