
New Report Reveals U.S. Dominance in Anonymous Open-Source Contributions


A recent report by Lineaje AI Labs has illuminated a concerning trend in the world of open-source software development. The United States, while being the top contributor to open-source projects, also leads in anonymous contributions. This revelation has sparked significant apprehensions regarding transparency and security within the global software supply chain.

Entitled “Crossing Boundaries: Breaking Trust,” the report underscores the geopolitical risks intertwined with the geographical distribution of open-source contributions. As nation-state cyberattacks continue to escalate, the provenance of code has emerged as a crucial issue for national and economic security. Microsoft has estimated that its customers face a staggering 600 million cyberattacks daily, and that 24% of the attacks targeting the IT sector come from nation-state attackers.

Key findings from the report indicate that the U.S. accounts for over one-third (34%) of global open-source contributions, with Russia following closely at 13%. Other noteworthy contributors include Canada, the United Kingdom, and China. However, what raises eyebrows is the high rate of anonymous open-source contributions originating from the U.S., amounting to 20% – more than double the rate of Russian contributions and triple that of Chinese contributions. Globally, approximately 5-8% of open-source components are shrouded in obscurity, with their origins unknown or dubious, thereby potentially introducing hidden backdoors, malware, or critical vulnerabilities into software systems.

Moreover, industries dependent on critical software components such as defense, water, electricity, banking, and retail face challenges in software maintenance due to contributions from multiple countries. This convoluted scenario renders it arduous to entirely exclude adversarial nations from the software supply chain.

The report also outlines troubling trends in the maintenance of open-source software that exacerbate critical vulnerabilities. Open-source code accounts for 2 to 9 times as much code as developers write themselves, and over 95% of security weaknesses originate in open-source dependencies. Alarmingly, more than half (51%) of these vulnerabilities have no known fix, and a staggering 70% of open-source components are inadequately maintained. Surprisingly, unmaintained open-source software is found to be less vulnerable than its well-maintained counterparts, which are 1.8 times more vulnerable because of their high rate of change.

Furthermore, open-source projects can embed up to 60 layers of components, thereby complicating risk assessment and remediation efforts. Understanding which vulnerabilities to address can significantly streamline efforts, potentially reducing the workload by at least 50% and enhancing overall security posture by 20-70%. Additionally, the presence of multiple versions of open-source components within a single application adds complexity to remediation endeavors, with over 15% of such components exhibiting this version sprawl issue.
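The two properties described above, nesting depth and version sprawl, are both measurable from an application's SBOM. The following is an added example, not code from the article or from Lineaje: it walks a constructed CycloneDX-style dependency graph (hypothetical component names) to report how many layers deep the tree goes and which components ship in more than one version.

```python
from collections import defaultdict

# Constructed sample SBOM in CycloneDX style (components + ref -> dependsOn).
# Names and versions are hypothetical, not taken from any real application.
SBOM = {
    "components": [
        {"bom-ref": "app@1.0.0", "name": "app", "version": "1.0.0"},
        {"bom-ref": "web@2.3.1", "name": "web", "version": "2.3.1"},
        {"bom-ref": "json@1.4.0", "name": "json", "version": "1.4.0"},
        {"bom-ref": "json@1.2.0", "name": "json", "version": "1.2.0"},
        {"bom-ref": "log@0.9.0", "name": "log", "version": "0.9.0"},
        {"bom-ref": "util@3.0.0", "name": "util", "version": "3.0.0"},
    ],
    "dependencies": [
        {"ref": "app@1.0.0", "dependsOn": ["web@2.3.1", "json@1.2.0"]},
        {"ref": "web@2.3.1", "dependsOn": ["json@1.4.0", "log@0.9.0"]},
        {"ref": "log@0.9.0", "dependsOn": ["util@3.0.0"]},
    ],
}

def dependency_depth(sbom, root):
    """Number of dependency layers below root (a leaf component has depth 0)."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom["dependencies"]}
    memo = {}
    def walk(ref, visiting):
        if ref in memo:
            return memo[ref]
        if ref in visiting:  # cycle guard: a cycle does not add another layer
            return 0
        visiting.add(ref)
        kids = edges.get(ref, [])
        depth = 1 + max(walk(k, visiting) for k in kids) if kids else 0
        visiting.discard(ref)
        memo[ref] = depth
        return depth
    return walk(root, set())

def version_sprawl(sbom):
    """Map each component name present in more than one version to its versions."""
    seen = defaultdict(set)
    for c in sbom["components"]:
        seen[c["name"]].add(c["version"])
    return {name: sorted(v) for name, v in seen.items() if len(v) > 1}

def sprawl_ratio(sbom):
    """Share of distinct component names affected by version sprawl."""
    names = {c["name"] for c in sbom["components"]}
    return len(version_sprawl(sbom)) / len(names) if names else 0.0
```

On the sample graph the chain app -> web -> log -> util gives a depth of 3, and "json" is the one component pulled in twice (once directly, once transitively), which is the duplication that makes remediation harder.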

As the utilization of open-source software continues to surge, particularly within the global software supply chain, the need to comprehend and mitigate risks associated with anonymous contributions and maintenance gaps is paramount, particularly against the backdrop of escalating geopolitical tensions. The security and integrity of software systems hinge on addressing these pressing challenges to ensure a resilient and secure digital landscape.
