Lying in Wait: Uncovering Hidden Threats in Open Source Software

Open source software powers everything from mobile apps to national infrastructure. But the same transparency and collaboration that make OSS powerful also leave it vulnerable to infiltration by well-resourced adversaries.

This report details how state-sponsored actors from the PRC, Russia, and North Korea are quietly embedding themselves in development communities, introducing potential backdoors and persistent threats into the software infrastructure trusted by businesses and governments.

Through case studies, real-world data, and Strider’s proprietary analysis, Lying in Wait introduces a contributor-centric model for assessing software risk. By shifting the focus from just what the code does to who’s writing and maintaining it, organizations can expose hidden threats traditional scanning tools miss.

Key Points:

  • See how advanced persistent threat (APT) groups are leveraging platforms like GitHub to further geopolitical objectives
  • Learn what risks exist deep within your software supply chain and how to surface them
  • Get a glimpse into how Strider’s Open Source Software Search tool identifies contributor-level risk to help you make smarter decisions