Open-source security challenges and complexities

Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely available for anyone to view, modify, enhance, and share.

As technology advances, open-source software has become a fundamental aspect of modern computing, providing numerous benefits and opportunities. However, concerns surrounding potential vulnerabilities and threats have also emerged with its widespread adoption.

In this Help Net Security round-up, we present parts of previously recorded videos from security experts in the field that unravel the complexities surrounding open-source security.

Complete videos

• Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at Cloud Security Alliance, talks about the state of open source security in 2022.
• Ax Sharma, Senior Security Researcher at Sonatype, talks about the tactics used by the researcher Yunus Aydin (aka “SockPuppets”) and what they revealed about the security gaps that can be misused to mount supply chain compromises affecting the open source community.
• Josep Prat, Open Source Engineering Director at Aiven, illustrates how threat actors see greater use of open-source software as an opportunity, deploying new methods targeting tech professionals and open-source projects.