attachment

<div dir="ltr"><div class="gmail_quote"><br>





<div link="#0563C1" vlink="#954F72" lang="EN-US">
<div class="m_-736314416438563733WordSection1">
<p class="MsoNormal" style="margin:0in;margin-bottom:.0001pt"><b>GitHub's report on open-source security<u></u><u></u></b></p>
<p class="MsoNormal">Dec 4, 2020<u></u><u></u></p>
<p class="MsoNormal">GitHub has released its <a href="https://octoverse.github.com/" target="_blank">"2020 State of the Octoverse" report</a>; one piece of that is <a href="https://octoverse.github.com/static/2020-security-report.pdf" target="_blank">a report on security [PDF]</a>.
<span style="color:black;background:#fff2cc">There are several interesting conclusions there, including that a surprising number of security vulnerabilities are planted deliberately.</span> "<span style="color:black;background:white">Analysis on a random sample
 of 521 advisories from across our six ecosystems finds that </span><span style="color:black;background:#ffe599">17% of the advisories are related to explicitly malicious behavior such as backdoor attempts</span><span style="color:black;background:white">.
 Of those 17%, the vast majority come from the npm ecosystem. While 17% of malicious attacks will steal the spotlight in security circles, vulnerabilities introduced by mistake can be just as disruptive and are much more likely to impact popular projects. Out
 of all the alerts GitHub sent developers notifying them of vulnerabilities in their dependencies, only 0.2% were related to explicitly malicious activity. That is, most vulnerabilities were simply those caused by mistakes.</span>"<u></u><u></u></p>
<p class="MsoNormal"><a href="https://lwn.net/Articles/838965" target="_blank">https://lwn.net/Articles/838965</a><u></u><u></u></p>
<p class="MsoNormal"><img style="width:7.5104in;height:6.302in" id="m_-736314416438563733Picture_x0020_2" src="cid:1763f7111ee4cff311" width="721" height="605" border="0"><u></u><u></u></p>
<p class="MsoNormal"><img style="width:7.4895in;height:5.3958in" id="m_-736314416438563733Picture_x0020_1" src="cid:1763f7111ef5b16b22" width="719" height="518" border="0"><u></u><u></u></p>
<p class="MsoNormal"><span style="color:#3b3838"><u></u> <u></u></span></p>
</div>
</div>

</div></div>

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster