Bad Behaviour and Dirty Downloads: 2.1 billion OSS packages with known vulns downloaded this year.

Strikingly, only 11% of open source projects are 'actively maintained'. Should you be worried? Well, probably, yes.

Upstream risk in the software supply chain remains a real threat, with 245,032 malicious packages already detected in 2023, and developers making a wince-inducing 2.1 billion open source software (OSS) downloads of packages with known vulnerabilities over the past year.
