Foreign adversaries are trying to weaponize open-source software, report finds
Chinese, Russian and North Korean-affiliated hackers are covertly working to insert backdoor hijacks and exploits into major publicly available software used by countless organizations, developers and governments around the world, according to findings released Monday by Strider Technologies.
The malicious insertions into these open-source tools could allow hackers to pilfer troves of sensitive data from governments and private-sector firms, according to Strider, which analyzed open-source code contributors who have direct affiliations with foreign adversaries.
Open-source projects — which underpin software systems used everywhere — rely on contributions from community members to keep them updated with patches. The updates are often discussed on forums with volunteer software maintainers, who chat with one another about proposed changes.
Read more at NextGov/FCW