Social engineering takeovers of open source projects


XZ Utils cyberattack likely not an isolated incident

By Robin Bender Ginn, Executive Director, OpenJS Foundation; and Omkhar Arasaratnam, General Manager, Open Source Security Foundation

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects used by billions of websites worldwide. The Open Source Security (OpenSSF) and OpenJS Foundations are calling all open source maintainers to be alert for social engineering takeover attempts, to recognize the early threat patterns emerging, and to take steps to protect their open source projects.

They have built a model with detailed reporting and accountability of resources, yet at the same time, have technical expertise on staff to customize security proposals for the variety of open source projects they fund. The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. Robin Bender Ginn is the Executive Director of the OpenJS Foundation, the neutral home to drive broad adoption and ongoing development of key JavaScript and web technologies.
