rget: a secure download user story
Attacks that introduce malicious modifications to software appear to be on the rise. In the Open Source Software ecosystem, a number of recent attacks have shown that seemingly trusted distribution points are at risk of distributing undetected modifications to users. The general pattern is that an attacker gains access to code repositories, package managers, and/or file servers via a misplaced credential, a weak password, or, less commonly, an exploit. These attacks could happen to nearly any project, but a few recent examples include