Skip to main content

TH15402

Detected presence of software components authored by high-risk developers.

priorityCI/CD statusseverityeffortSAFE levelSAFE assessment
passhighhighNoneNone

About the issueโ€‹

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Open source communities depend on the work of thousands of software developers that volunteer their time to maintain software components. While the majority of open source contributors are altruistic and trustworthy, some software developers have a history of making harmful changes to the projects they maintain. Changes that are considered harmful include destructive and disruptive actions, and other developer behaviors that might cause them to be considered untrustworthy in their community. Code written by these software developers should be put under higher degree of scrutiny, and continuously reviewed for unexpected changes.

How to resolve the issueโ€‹

  • Investigate reported detections.
  • You should consider delaying the software release until the investigation is completed, or until the issue is risk accepted.
  • Consider replacing the software component with an alternative.

Incidence statisticsโ€‹

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.

This section is updated when new data becomes available.

Total amount of packages analyzed

  • RubyGems: 183K
  • Nuget: 644K
  • PyPi: 628K
  • NPM: 3.72M
Statistics are not collected for the TH15402 policy at this time, or not applicable to this type of issue.