Hi John,
Our software supply chain survey uncovered a key finding we thought you'd find highly relevant:
- More than 30% of respondents continue to implicitly trust open source repositories.
Even though open source organizations are making great strides to improve the security of their public repositories, the reality is that they are still the Wild West, where anything goes. Implicitly trusting open source components from public repositories exposes organizations to security risks, including typosquatting, dependency confusion, and prebuilt binaries that may contain malware.
How can organizations trust but verify the open source they import? Get the complete report to find out.
The ActiveState Platform imports only source code from public repositories and automatically builds indemnified packages that are vetted for maintainability, security, and commercial use. It might be the turnkey software security solution you need in 2022. Let us show you how.
Until next time!