Open source vulnerabilities are on the rise, as is the number of malicious packages published in registries such as npm and RubyGems. This is great news for threat actors, who are always quick to exploit new material. And as the importance of software supply chains increases, so has the number of attacks launched against them.
The report's key findings:
- 33 percent growth in the number of open source software vulnerabilities that Mend added to its vulnerability database in the first nine months of 2022 compared with the same time period in 2021.
- Steady quarterly increase in the number of malicious packages published in 2022, with a significant jump in Q3, up 79 percent from Q2.
- Modern security best practices are vital for stemming the rising tide of open source vulnerabilities in applications and software.