From itsecurityguru.org
Experts have uncovered 88,000 malicious open source packages so far this year, a triple-digit increase on the same figure for 2019 and an indication of a fast-growing corporate attack surface.
The figures come from Sonatype’s eighth annual State of the Software Supply Chain report, which was compiled from public and proprietary data analysis, including 131 billion Maven Central downloads and thousands of open source projects.
Notably, it details the growing risk to corporate systems from both malicious packages inserted into repositories by threat actors and accidental vulnerabilities that DevOps teams unwittingly pull in when downloading packages.