Supply Chain

The Next Supply Chain Attack Vector: Open-Source Software

The U.S. government has made significant strides in reducing direct cyberattack risks through programs such as the Cybersecurity and Infrastructure Security Agency (CISA), as well as by issuing ...
Ars Technica

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious ...
CSOonline

Why open-source software supply chain attacks have tripled in a year

Uneven maintenance practices and developers' willingness to download risky code have made open-source repositories a favored initial access tactic for attackers. The number of incidents where ...
TechRepublic

Google Cloud offers Assured Open Source Software for free

In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost. Image: ...