If you’re a business leader and your project accidently includes malware in its code, this could endanger your reputation, customer security, and future sales. Many modern software development projects use libraries and packages hosted in public code repositories, such as GitHub, PiP, npm, or Gradle. While all of these tools have some security measures to ensure common packages are free from malicious inclusions, there is still the risk of a software supply chain attack.

Many organizations take a hybrid approach to package distribution with internal packages as well as mirrors of those that are publicly available being hosted in private…


Account maintained by the CWE/CAPEC Teams to provide information to the community on CWE- and CAPEC-related items. https://cwe.mitre.org https://capec.mitre.org

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store