Technology Business

Open source supply chain attacks

The incidents have highlighted the growing vulnerability of the global software supply chain and the risks associated with unverified open source components.

Security experts warn that the full 'blast radius' of the compromise may not be known for months.

The attacks have prompted calls for the widespread adoption of Software Bill of Materials (SBOMs) to improve transparency and security.

Organizations are being urged to conduct thorough audits of their development environments to mitigate potential risks.

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise The Register — Apr 11, 11:11 AM