The Kaspersky Lab team announced the launch of a service called Kaspersky Open Source Software Threats Data Feed.
According to the developers, this is the first such service in Russia; it is meant to reveal backdoors (deliberately implanted malicious code) in third-party components and open-source software.
Currently, the Kaspersky Open Source Software Threats Data Feed contains information about roughly three thousand vulnerable and malicious packages from popular repositories, some of which have been downloaded by users tens of thousands of times. According to Kaspersky Lab, among the vulnerabilities found in open-source packages, about 35% are of high severity and about 10% are critical.
Kaspersky Lab expects the feed to help developers avoid packages that carry vulnerabilities or hidden malicious "surprises". The data is provided in JSON format.
Denis Parinov, a cybersecurity expert at Kaspersky Lab, explained:
Using ready-made packages in development is a common practice. It saves a lot of time when creating software. However, it is important to be aware of the emerging risks of attacks on the supply chain, which have especially increased in 2022, when hundreds of compromised and malicious packages were discovered in popular repositories. To reduce the risk of connecting vulnerable or even malicious packages, we suggest checking their third-party components using our solution.
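The article says only that the feed is delivered as JSON and is meant to be checked against a project's third-party components; it does not describe the feed's schema. The following is an added example, not Kaspersky's code and not the real feed format: it assumes a hypothetical record shape (ecosystem, package name, type, severity, list of affected versions or "*"), a constructed feed, and a constructed requirements.txt with exact pins, and shows the one check that matters in practice, matching pinned dependencies against the feed with package-name normalisation so that a lookalike spelling such as `Requests_Helper` still matches `requests-helper`.

```python
import json
import re

# Constructed, hypothetical feed records. This is NOT the Kaspersky feed schema
# (the article does not publish one); it only illustrates the matching logic.
FEED_JSON = """
[
  {"ecosystem": "pypi", "name": "Requests_Helper", "type": "malicious",
   "severity": "critical", "affected_versions": ["*"]},
  {"ecosystem": "pypi", "name": "coolparser", "type": "vulnerable",
   "severity": "high", "affected_versions": ["1.0.0", "1.0.1", "1.1.0"]},
  {"ecosystem": "npm", "name": "left-pad-utils", "type": "malicious",
   "severity": "critical", "affected_versions": ["*"]}
]
"""

# Constructed requirements.txt content. Only exact pins are handled, which is
# what a lockfile or a frozen requirements file gives you anyway.
REQUIREMENTS = """
# project dependencies (constructed sample)
requests-helper==0.3.1
coolparser==1.0.1
flask==3.0.0
"""


def normalize(name):
    """PEP 503 name normalisation: case-insensitive, '-', '_' and '.' equivalent.

    Without this, a feed entry for 'Requests_Helper' would not match the pin
    'requests-helper' even though PyPI treats them as the same project.
    """
    return re.sub(r"[-_.]+", "-", name).lower()


def load_feed(raw):
    """Index feed records by (ecosystem, normalised name) for O(1) lookups."""
    index = {}
    for rec in json.loads(raw):
        key = (rec["ecosystem"], normalize(rec["name"]))
        index.setdefault(key, []).append(rec)
    return index


def parse_requirements(text):
    """Return [(name, version)] from exact '==' pins; refuse anything looser."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9._-]+)==([0-9A-Za-z.+!-]+)", line)
        if not m:
            raise ValueError(f"unsupported requirement (exact pins only): {line!r}")
        pins.append((m.group(1), m.group(2)))
    return pins


def is_affected(rec, version):
    """'*' marks every version (typical for a package that is malicious as such)."""
    affected = rec["affected_versions"]
    return "*" in affected or version in affected


def check(pins, index, ecosystem="pypi"):
    """Match each pinned dependency against the feed; return the hits in order."""
    findings = []
    for name, version in pins:
        for rec in index.get((ecosystem, normalize(name)), []):
            if is_affected(rec, version):
                findings.append({
                    "package": name,
                    "version": version,
                    "type": rec["type"],
                    "severity": rec["severity"],
                })
    return findings


def should_block(findings, block_on=("critical", "high")):
    """Gate for a CI step: fail the build on any malicious hit or high/critical severity."""
    return any(f["type"] == "malicious" or f["severity"] in block_on for f in findings)


if __name__ == "__main__":
    index = load_feed(FEED_JSON)
    hits = check(parse_requirements(REQUIREMENTS), index)
    for h in hits:
        print(f"{h['severity'].upper():8} {h['type']:10} {h['package']}=={h['version']}")
    raise SystemExit(1 if should_block(hits) else 0)
```

In the constructed data, `requests-helper==0.3.1` is flagged as malicious through the normalised name and the `*` wildcard, `coolparser==1.0.1` is flagged as a known-vulnerable version, and `flask==3.0.0` passes; a CI job that runs this and checks the exit status blocks the build on the first two. Against a real feed, the record fields and version-range syntax would have to follow that feed's documented schema rather than the placeholders used here.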