Lying in Wait: Uncovering Hidden Threats in Open Source Software
Learn how adversarial nation-states are infiltrating open-source software ecosystems to advance their respective national interests and objectives.
Discover Who’s Behind the Code
Open source software powers everything from mobile apps to national infrastructure. But the same transparency and collaboration that make OSS powerful also leave it vulnerable to infiltration by well-resourced adversaries.
This report details how state-sponsored actors from the PRC, Russia, and North Korea are quietly embedding themselves in development communities, introducing potential backdoors and persistent threats into the software infrastructure trusted by businesses and governments.
Through case studies, real-world data, and Strider’s proprietary analysis, Lying in Wait introduces a contributor-centric model for assessing software risk. By shifting the focus from just what the code does to who’s writing and maintaining it, organizations can expose hidden threats traditional scanning tools miss.
See how advanced persistent threat (APT) groups are leveraging platforms like GitHub to further geopolitical objectives
Learn what risks exist deep within your software supply chain and how to surface them
Get a glimpse into how Strider’s Open Source Software Search tool identifies contributor-level risk to help you make smarter decisions
of contributors to OpenVINO, a high-profile AI codebase, had non-zero risk scores.
downloads of an open-source toolkit containing code from Russia-linked contributors — each flagged with a risk score of 4, the highest possible threat level.
of organizations were still seeing active Log4Shell exploitation events two years after the initial attack, underscoring how long the tail of OSS threats can be.