Did Your Adversary Write Your Open Source Code?
We need to know who writes the open source code that is used to build critical applications. Today, engineers use pre-built software components to accelerate development. Every day, 20 million developers share and re-use open source code. Open source npm packages for JavaScript code are used in all websites and most mobile apps. Open source PyPI packages for Python code are used in almost all AI and data analysis systems. Every day, continuous integration systems pull in the latest updates to this code. In mid-March 2022, malicious code was added to a popular open source package that is installed 3,292,333 times a week. The malicious code wiped files on computers located in Russia and Belarus. That's one for the good guys. But the same line of attack can and will be directed at the West. We have to stop this. We need to know who writes the open source code. The Software Bill of Materials (SBOM) needs to become a Verified Identity Software Bill of Materials (VISBOM).