As vital as we know open source is to building software in today’s world, it’s a mistake to think of it as a silver bullet. The ability to expedite software development is clear — but so is the significant room for error when it is not properly managed.
Two years ago, Sonatype’s CTO, Brian Fox, began chronicling a disturbing turn of events: a shifting landscape of attacks based on OSS consumption was emerging. Since then, he has seen a consistent increase in malicious open source packages and software supply chain attacks, which makes one thing clear — it’s only going to get worse. Most recently it was the Bootstrap-sass hack, and before that, the event-stream attack.