How open source software is being weaponised

In the technology world, open source software plays a powerful role. Released under a license that allows users to tweak and distribute applications for any purpose, it promotes open collaboration among technologists and offers a range of advantages.

For starters, adopting open source can provide access to high-quality software that doesn't cost a penny. And users are often surrounded by a community of like-minded users who can support and improve the application. There are also advantages when it comes to transparency, flexibility, interoperability and localisation.

Arguably, open source software holds a prized place in the technology ecosystem. But that's not to say there aren't risks: hackers are weaponising open source software libraries (OSSLs) through OSSL trust attacks that target the software supply chain. According to Sonatype, these threats increased by 55% last year.

In one notable example, event-stream - a JavaScript library used by two million people globally - was infected with malicious code designed to steal bitcoin from wallets. This software was used by a plethora of Fortune 500 companies and startups. Just how dangerous are such attacks and how can they be mitigated?

A sophisticated threat

Attackers are constantly developing more sophisticated ways to compromise organisations, and it's fair to say OSSL trust attacks are one of them. Jing Xie, senior threat intelligence researcher at Venafi, says their defining characteristic is that the organisation that actually gets breached isn't the intended target.

Nicholas Fearn

Nicholas is a technology journalist from the Welsh valleys. His work has been featured on Engadget, Lifehacker, Gizmodo, TechRadar, The Next Web, Forbes, Computer Weekly, Computing, Mail Online, The Telegraph and many other media outlets. In addition, he edits Tech Dragons, a publication covering STEM in Wales.
