2 Lenses For Examining The Safety Of Open Source Software
Dark Reading, Friday, May 26, 2023
Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people.
Open source repositories - such as Python's PyPI, the Maven Central repository for Java, and the npm registry for JavaScript - typically have a skeleton crew of engineers and volunteers to manage and secure the infrastructure. The volume of malicious users and projects created on these platforms every day is fast outpacing the capacity of security review teams to keep up.
The focus on the security of repositories mirrors the increasing attention that the software supply chain has garnered from attackers, says Tim Mackey, head of software supply chain risk strategy at software integrity firm Synopsys.