Open Source Malware with Brian Fox

Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording there are now over 820,000 malware packages in public repositories. Brian explains why certain ecosystems are more vulnerable than others and how behavioral detection methods can identify suspicious packages, and the challenge in solving this problem. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-oss_malware_brian_fox/

Om Podcasten

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There’s a lot of good work happening that doesn’t get attention because there’s no marketing department behind it, they don’t have a developer relations team posting on LinkedIn every two hours. Let’s focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what’s up, they have a lot to teach us. We just have to listen.