Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

CISA chief frets about open-source vulnerabilities, delayed security improvements

(Pexels / Pixabay)

By Tim Starks

Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday.

“The open-source community is one that I’m particularly worried about when we start to think about rapid escalation of vulnerability discovery,” acting director Nick Andersen said, referencing a cartoon about how key technologies that underpin the internet are often maintained by a single person. 

In one recent attack, a hacker hijacked an account of a single open-source project maintainer to publish malicious updates for axios, popular with software developers, raising the potential for attacks that could spread more widely. TeamPCP, a suspected North Korean hacking group, has been on a sweeping spree of open-source attacks.

Read more at CyberScoop

Click to listen highlighted text!