Don’t Miss Open Source Software (OSS) While Assessing Cloud App Security

 

The software development process is becoming increasingly rapid. DevOps teams are under additional pressure to get to market quickly, thanks in part to open-source software (OSS) packages. OSS has become so common that it is estimated to account for 80 to 90% of any given piece of modern software.
However, while it has been a great accelerator of software development, OSS creates a large attack surface that must be protected, because developers build software from millions of packages that were created anonymously. Most open-source developers act in good faith; they want to make life easier for other developers who may face the same problems they do. According to GitHub’s Open Source Survey, “the most frequently encountered bad behavior is rudeness (45% witnessed, 16% experienced), followed by name calling (20% witnessed, 5% experienced) and stereotyping (11% witnessed, 3% experienced).”
Unfortunately, not every open-source software package can be relied on. Because attribution for modifications made to open-source code is difficult to track, identifying malicious actors who want to compromise the code’s integrity becomes nearly impossible. Malicious open-source software packages have been introduced both to highlight the fact that large corporations use these packages but do not fund their development and for purely nefarious purposes.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
