Open-source software has reached greater levels of security than ever before, but its increased adoption comes with new challenges.
In this Help Net Security video, Josep Prat, Open Source Engineering Director at Aiven, illustrates how threat actors see greater use of open-source software as an opportunity, deploying new methods targeting tech professionals and open-source projects. Phishing attacks and compromised open-source applications are now a clear and constant danger for developers and the community.
By its very nature, open source is easily accessible and open to all, making it all the more concerning that many hacking groups carrying out these attacks are linked to hostile groups and organizations. Open-source developers must be aware of these new trends and carefully check change requests in their projects.
Security stewards can further support the community by educating their staff on the methodology of phishing and preparing them on what to look out for, and in this particular case, never trusting unknown sources for your software.