A recent study by Sonatype revealed that next-generation software supply chain attacks have increased by 650% in the past year.
Indeed, the same report found that the supply of open source components grew by 20% and that developers downloaded more than 2.2 trillion open source packages in 2021, an ecosystem that bad actors are increasingly using to infiltrate systems.
This suggests that attackers will preferentially target the most popular codebases to maximize damage through the software supply chain, especially since widely used projects also tend to carry more known vulnerabilities. Moreover, attackers keep evolving, adopting techniques that go beyond tampering with open source code and offer greater opportunities to distribute malware throughout the software supply chain.
Hence, engineering leaders are advised to embrace intelligent automation so they can standardize on the best open source suppliers and help developers keep third-party libraries on up-to-date, optimal versions.