comparemela.com

Latest Breaking News On - Sonatype state of the software supply chain - Page 1 : comparemela.com

3 ways to reduce stress on the DevSecOps team

NowSecure Announces Record Growth for 2021 - Even Outpacing Mobile Economy

You've got millions of open-source software components to choose from and so do cybercriminals • The Register

Just who is running your favourite project these days?

Joseph Martins, Wed 17 Feb 2021 // 20:00 UTC. Sponsored.

In November 2020, the JavaScript registry npm flashed a security advisory that a library called twilio-npm harboured malicious code which could backdoor any machine it was downloaded to. Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain.

Between February 2015 and June 2019, 216 such Next Generation Software Supply Chain Attacks were recorded, according to Sonatype’s State of the Software Supply Chain Report, 2020. From July 2019 to May 2020, the number shot up to 929. Attacks jumped 430 per cent between 2019 and 2020.

© 2024 Vimarsana