Open-source software has been the catalyst for accelerating software development and digital transformation across all industries around the world. However, the global nature of open-source software also makes organizations increasingly vulnerable, especially those using code from anonymous authors for critical components and applications.
The US has the highest percentage of anonymous open-source contributors.
The US and Russia together account for nearly half of all open-source contributions. Notably, US contributors both commit the most code to open-source projects (34%) and choose to remain anonymous most frequently (21%). Lineaje AI Lab’s comprehensive analysis of more than 7 million open-source packages found that the number of anonymous contributors from the US is twice that of Russian contributors and three times that of Chinese contributors.
Geopolitical risk is inherently embedded in global software supply chains.
Known, authenticated contributors commit code from secure, attested machines. The same cannot be said for anonymous, unverified contributors. Governments around the world have recently begun to roll out regulation to mitigate the potential risk to national and economic security. Companies must also make it a priority to scrutinize the provenance of their software so they can gain comprehensive control of their entire software supply chain by geographic location.
Learn more about critical vulnerabilities that may be hidden in your software supply chain and practical ways to address them at Lineaje's upcoming webinar on Thursday, January 30th.