Dozens of new vulnerabilities are discovered every week, but we're only scratching the surface. Only a handful of talented security researchers are doing the highly skilled work of testing this code. Bad actors have recognized the power of the software supply chain attack vector. Every company that is betting their future on software needs to have a strategy for beefing up the security of their open source supply chain. The ramifications of this are staggering. If an attacker was able to infiltrate a popular library like log4j, they would very quickly be running with privilege inside most data centers in the world.
Source: https://www.darkreading.com/application-security/open-source-software-poses-a-real-security-threat