Please reach us at if you cannot find an answer to your question.
A malicious dependency, or malicious component/artifact/package, is created with a single purpose: penetrate and infect corporate networks with backdoors, credential and token stealers, and other malicious threats. The dependency is created to look innocent, tricking software developers who prioritize speed over security into downloading the dependency from trusted public repositories (like pypi.org) and executing it in their software development environment. Like viruses masquerading as useful tools on software websites in the 90s, this new but exponentially growing threat has few defenses and even fewer experts implementing the tools to protect you before the unthinkable happens.
Securium Technologies implements the only defense against known and unknown malicious dependencies. We didn't build it, but we created Securium Defender to make managing the defense effortless. We ensure your developers are maximally protected from malicious dependencies without interfering with their need for flexibility and speed.
We like to think about the threat as being analogous to the early days of the internet. Businesses connected to the internet with no network firewall. Then high schoolers and hackers took advantage of our naiveté until businesses started installing firewalls. Soon all businesses installed them, even if they'd never had their network compromised. Proactive defense can be cheaper and less embarrassing than reactive recovery.
Today, most of us are similarly trusting of open source software dependencies. The truth is that they've been the target of attacks for many years, but only recently for the sole purpose of bypassing network firewalls to penetrate corporate networks. The threat is growing and will continue to grow as more attackers take advantage of our growing reliance on open source dependencies.
Recent examples in the news include the following: