Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer's account and update the package with malware. Consequently, the security capabilities of public software package repositories play a crucial role in securing the open-source software supply chain. OpenSSF's efforts to improve open-source software security …

The post Securing software repositories leads to better OSS security appeared first on Help Net Security.