So far in 2022, researchers at Sonatype have discovered over 88,000 malicious open source packages, which the company describes as an average year-on-year increase of 742% since 2019. The packages were caught using AI-driven behavioral analysis and automated policy enforcement, and then verified by the research team.
The findings, published in Sonatype's 8th annual State of the Software Supply Chain report, were compiled from a study of the four major open source ecosystems: Maven, npm, PyPI and NuGet. Downloads from these ecosystems in 2022 are estimated at 3.1 trillion, highlighting the growing risk to corporate systems both from threat actors deliberately inserting malicious packages into public repositories and from development teams unintentionally pulling in packages with known vulnerabilities.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.