Friday, November 30, 2018

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

Earlier this year, I detailed a new battlefront for open source software: bad actors are increasingly polluting public wells like npm, which millions of thirsty developers drink from to the tune of 6 billion downloads per week, and which was recently hit when a bad actor injected malicious code into the popular JavaScript component, event-stream.

In the Old Days, Hackers Waited to Attack

To give some additional context, five years ago enterprises large and small witnessed the first prominent Apache Struts vulnerability. In that case, Apache responsibly and publicly disclosed the vulnerability at the same time it offered a new version that fixed it. Despite Apache doing its best to alert the public and prevent attacks, many organizations either were not listening or did not act in a timely fashion, and as a result exploits in the wild were widespread. Simply stated, hackers profit handsomely when companies are asleep at the wheel and fail to react promptly to public vulnerability disclosures.



from DZone.com Feed https://ift.tt/2E6MTts
