document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

[完成翻译][news]: 20220927 Attacks On Open Source Software Are On The Rise.md

Browse Source
This commit is contained in:
vvvbbbcz 2022-10-01 12:03:52 +08:00
parent b9b6433c8b
commit 0a81d49bd8
2 changed files with 36 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
sources/news/20220927 Attacks On Open Source Software Are On The Rise.md
View File

@ -1,36 +0,0 @@
[#]: subject: "Attacks On Open Source Software Are On The Rise"
[#]: via: "https://www.opensourceforu.com/2022/09/attacks-on-open-source-software-are-on-the-rise/"
[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/"
[#]: collector: "lkxed"
[#]: translator: "vvvbbbcz"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Attacks On Open Source Software Are On The Rise
======
*Attacks on open source repositories are becoming more frequent.*
According to recent research, cybercriminals are profiting from the fact that more businesses are using open source code repositories to develop their software solutions. According to a recent research from software supply chain management service provider Sonatype, the frequency of infected packages, typosquatting assaults on such platforms, and similar hacks has increased dramatically over the past three years.
The organisation discovered about 95,000 harmful packages over the course of the last three years and over 55,000 dangerous packages that were only recently published by employing their repository Firewall. By then, it had increased by an average of 700% in 36 months.
The business claims that it continuously finds and blocks harmful packages as well as potentially vulnerable components by fusing behavioural analysis with automated policy enforcement. Additionally, it employs AI to assess each piece of freshly published open source software to see if it poses any security risks. It asserts that manual analysis has become nearly impossible as a result of the significant increase in open source.
Furthermore, it is irrelevant whether the business includes the malicious component in the finished product or not. The corporation claims that if it is downloaded on their endpoints(opens in new tab), it is already too late.
“The volume, frequency, severity, and sophistication of malicious cyberattacks continue to increase. Organizations cantand shouldntavoid the use of open source(opens in new tab) just to protect themselves,” Fox added. “But they can use preventative toolssuch as the Sonatype Firewallto keep developers on track and software supply chains secure.”
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/09/attacks-on-open-source-software-are-on-the-rise/
作者:[Laveesh Kocher][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/laveesh-kocher/
[b]: https://github.com/lkxed

36
translated/news/20220927 Attacks On Open Source Software Are On The Rise.md Normal file
View File

@ -0,0 +1,36 @@
[#]: subject: "Attacks On Open Source Software Are On The Rise"
[#]: via: "https://www.opensourceforu.com/2022/09/attacks-on-open-source-software-are-on-the-rise/"
[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/"
[#]: collector: "lkxed"
[#]: translator: "vvvbbbcz"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
对开源软件的攻击呈上升趋势
======
*对开源仓库的攻击越来越频繁了。*
根据近日的研究,网络犯罪分子正利用一个事实获利,即越来越多的企业使用开源代码仓库来开发他们的软件及解决方案这个事实。而在最近,根据一个软件供应链管理服务提供商 Sonatype 所做的研究表明,在最近三年里,受感染的软件包、以及对这些软件平台的仿冒攻击和类似的黑客攻击的频率大幅增加。
该企业在过去三年中发现了大约 95000 个有害软件包,以及超过 55000 个最近才使用他们的存储库防火墙公布的危险软件包。届时,这个数字在三年内平均增长了 700%。
该企业称,他们的存储库防火墙将通过融合行为分析和自动策略执行的方式,不断发现并阻止有害软件包及潜在的易受攻击的组件。此外,它还使用了 AI<ruby>人工智能<rt>Artificial Intelligence</rt></ruby>)对每个新发布的开源软件进行评估,看它是否会带来一些安全风险。而且该企业断言,由于开源代码的迅速增加,人工分析已变得几乎不可能。
然而,这与该企业是否在它的最终产品中包含受感染的恶意组件无关。该公司声称,如果那些恶意组件已经被下载到他们的终端上,就已经太晚了。
“攻击的数量、频率、严重性和复杂性还在增长。但企业不能,也不应该仅为保护自身而避免使用开源代码。” Fox 补充说:“但他们可以使用预防性的工具,例如 Sonatype 防火墙来保证开发人员的工作进度和软件供应链的安全。”
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/09/attacks-on-open-source-software-are-on-the-rise/
作者:[Laveesh Kocher][a]
选题:[lkxed][b]
译者:[自由的铁矿](https://github.com/vvvbbbcz)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/laveesh-kocher/
[b]: https://github.com/lkxed