Software supply chain attacks have increased significantly

A recent study by Sonatype revealed that next-generation software supply chain attacks have increased by 650% in the past year.

Indeed, it was reported that the open source supply has grown by 20%, even as bad actors use it to infiltrate systems, and developers downloaded more than 2.2 trillion open source packages in 2021.

The report found that security vulnerabilities are most pervasive in the more popular projects: across the four open-source ecosystems studied (Java, JavaScript, Python, and .NET), 29% of the most popular projects contained at least one known security vulnerability, compared with only 6.5% of the least popular projects.

This suggests that attackers are most likely to target the same popular codebases to maximize damage through the software supply chain, especially since those codebases contain more vulnerabilities. Moreover, attackers keep evolving and adopting new techniques that go beyond open-source code and give them greater opportunities to distribute malware throughout the software supply chain.

Hence, the report suggests that engineering leaders start embracing intelligent automation so they can standardize on the best open-source suppliers and help developers keep third-party libraries up to date with optimal versions.
