Upstream Supply Chain Attacks Triple in a Year
In 2023, security researchers detected three times as many malicious open source packages as in the previous year, and twice as many software supply chain attacks as in 2019 through 2022. The same year saw 2.1 billion downloads of open source components with known vulnerabilities that could have been avoided, because a fixed, more secure version was already available at the time of download. The report, from Sonatype, urges developers to improve their awareness of dependency risk, to make informed decisions before pulling in a component with known vulnerabilities, and to utilise effective security tooling to catch such downloads.