When it comes to understanding the difference between open source software vulnerabilities and malicious threats, it’s helpful to think in terms of passive vs. active threats.
Vulnerabilities can be attacked and exploited, but in a vacuum they don’t pose a threat. Malicious threats are different: they involve a threat actor actively planning to attack you. This means that security teams must worry not only about vulnerable open source packages but also about malicious open source packages, which are increasing faster than the rate of vulnerable packages.
That’s why we’ve made it easier for large enterprises to centralize deployment of Mend Supply Chain Defender via integration with JFrog Artifactory. This allows enterprise customers using JFrog Artifactory as a private repository manager to prevent malicious open source software from entering their codebase.
The value of integration
There are a few reasons why this will not only improve application security but also make developers’ lives easier.
Learn more about how Mend Supply Chain Defender blocks software supply chain attacks.