Bad Behaviour and Dirty Downloads: 2.1 billion OSS packages with known vulns downloaded this year.

Strikingly, only 11% of open source projects are ‘actively maintained'. Should you be worried? Well, probably, yes.

Catherine Sarisky

Oct 04, 2023 - 2 min read

Upstream risk in the software supply chain remains a real threat, with 245,032 malicious packages detected in 2023 already – and developers making a wince-inducing 2.1 billion open source software (OSS) downloads of packages with known vulnerabilities over the past year.

This post is for subscribers only

Subscribe now and have access to all our stories, enjoy exclusive content and stay up to date with constant updates.

Subscribe now

Already a member? Sign in

Success! You now have access to additional content.