Lineaje, a leader in software supply chain security management, has released a report identifying the U.S. and Russia as top contributors to open-source projects. The study, titled “Crossing Boundaries: Breaking Trust,” delineates the complexities of software supply chains and reveals vulnerabilities tied to global contributions. Lineaje AI Labs compiled the findings, analyzing data from over 7 million open-source packages.
The report emphasizes that as open source becomes more entwined with vital systems, understanding the provenance of software code is crucial for national security. Microsoft estimates that its customers endure 600 million cyberattacks daily, with significant risks stemming from open-source contributions.
- The U.S. accounts for more than one-third (34%) of open-source contributions, while 13% come from Russia and smaller percentages from Canada, the U.K., and China.
- Notably, 20% of U.S. contributions are made anonymously, a higher share than in other countries, which raises the risk that organizations integrate software components of unknown origin.
- Critical industries like defense and banking face unique challenges in vetting the origins of their software code.
Javed Hasan, CEO of Lineaje, stressed the importance of robust software supply chain security tools, stating, “This latest research proves that organizations are completely blind when it comes to understanding the true composition of their open-source code and its origins, putting them at serious risk.”
Manish Gaur, Director of Product Security at VMware, added that while open-source projects can drive innovation, they also carry significant risks that need to be managed effectively.
For a detailed overview of the research findings, visit Lineaje's website to read the full report and explore further insights on improving software security.