New Threats to Open Source Ecosystems

Presented by

Ax Sharma

About this talk

In 2021 developers downloaded more than 2.2 trillion open-source packages. And whilst open source is critical to fuel digital innovation, the software supply chain has become a prime target. With a 650% year over year increase in supply chain attacks aimed at upstream public repositories, organizations are now faced with a new front line for security controls: developers. Join Sonatype Security Researcher, Ax Sharma as he takes a deep dive into software supply chain security and open-source threats in npm and PyPI. In this session, Ax explores the rise of protestware, recent library hijacks and typosquatting attacks including colors and fakers, cryptomining, trojan source and the Version 2 attack.

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (10)
Subscribers (949)
Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, infrastructure as code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.