Many malware attacks against open-source software components have compromised thousands of software packages and repositories, but the practical damage these attacks have caused organizations is harder to quantify. The longer-term and indirect costs of these attacks may prove most significant for organizations. Open-source components and software have long been a well-established source of threat activity. The widespread use, combined with the broad variance in how well-supported different pro
