
Volume 304, Issue 3 · IT News · FOSS

Security Teams Need To Address One Of The Biggest Software Supply Chain Risks: Open Source

Rezilion, Monday, July 17, 2023

One of the biggest threats to software supply chain security is open source software, both applications and components. Many enterprises and small businesses have come to rely on open source solutions, and they are an important part of IT strategies today. But vulnerabilities in open source software present a risk because they can give cybercriminals a way to carry out attacks.

'Attackers can easily deliver malware inside of "open source" packages,' said Jossef Harush Kadouri, head of software supply chain security at Checkmarx, speaking at a session held at the recent RSA Conference virtual seminar on supply chain security.

Kadouri said he has been working in software supply chain security for about three years. 'From a developer's perspective, when I started this it was quite clear that no one was actually checking "what's in" our open source packages,' he said.

Now, Kadouri and teams of researchers, software engineers and developers have a mission to track attackers that are using open source software to launch supply chain attacks.
