Open source software (OSS) is software whose source code is publicly available for anyone to access, modify, and distribute under the terms of its license. Many modern applications use some OSS components. Because anyone can modify or expand open source code, threat actors can inject malicious code into an OSS component that otherwise appears safe. Malicious changes are often detected only after the application has been widely distributed throughout the digital supply chain, impacting millions of users. Hackers can also study open source code to identify potential vulnerabilities they can exploit.
Orphaned assets are IT assets that lack identifiable origins or connections and, as a result, are not readily visible to security teams. Examples include virtual machines that have no physical host and applications that have been abandoned and have no clear administrator or manager. These assets are often left exposed, making them ideal targets for malicious actors.