Illustria: Protecting Open-Source Supply Chains from Typosquatting, Starjacking, and More

An Intellyx Brain Candy Brief

Illustria protects open-source software supply chains by continuously (24×7) scanning open-source libraries for a range of vulnerabilities and attack vectors.

Illustria focuses on the connection between developers and Git repositories in order to detect and prevent:

  • Typosquatting – packages whose names closely resemble those of bona fide packages, so that a mistyped install command pulls in a malicious one
  • Starjacking – linking a malicious package to a popular repository it does not own, so that the registry displays that repository's stars and activity and the package appears well established
  • Expired domain names – registering the lapsed domain names that unmaintained packages still point to, so that developers who follow those links download malware
  • DNS attacks – manipulating DNS so that requests for bona fide packages are redirected to malicious downloads
  • Operational risks – packages that are unmaintained or whose maintenance practices look suspicious

Based on these signals and others, together with published CVEs, Illustria can block access to suspicious packages according to the organization's policy.

Copyright © Intellyx LLC. Intellyx is an industry analysis and advisory firm focused on enterprise digital transformation. Covering every angle of enterprise IT from mainframes to artificial intelligence, our broad focus across technologies allows business executives and IT professionals to connect the dots among disruptive trends. As of the time of writing, none of the organizations mentioned in this article is an Intellyx customer. No AI was used to produce this article. To be considered for a Brain Candy article, email us at pr@intellyx.com.
