Bad Behaviour and Dirty Downloads: 2.1 billion OSS packages with known vulns downloaded this year.

Strikingly, only 11% of open source projects are ‘actively maintained'. Should you be worried? Well, probably, yes.

Edward Targett

Oct 04, 2023 - 2 min read

Upstream risk in the software supply chain remains a real threat, with 245,032 malicious packages detected in 2023 already – and developers making a wince-inducing 2.1 billion open source software (OSS) downloads of packages with known vulnerabilities over the past year.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in

Success! You now have access to additional content.