Package managers have dramatically lowered the overhead of code reuse, leading to modern software’s heavy reliance on third-party dependencies. Knowing this, however, bad actors exploit the trust that organizations have in code reuse, targeting programming language package managers, open source public repositories and binary artifact repositories.

This white paper explores the most popular class of new cyberattacks, dependency confusion, which exploits software that uses a mix of both internal and external dependencies. Software development processes that don’t implement safeguards can become “confused” into installing a compromised external dependency.

Learn about:

• What is dependency confusion – including its various forms
• How dependency confusion puts your organization at risk
• Best practices to mitigate dependency confusion risks

Check out these additional resources to learn more about mitigating the risks of open source dependencies:

• Blog: How to Prevent Dependency Confusion
• Blog: Secure PyPI? The Problem With Trusting Open Source Repositories
• Data Sheet: ActiveState Managed Distributions