Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today announced that it has acquired Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open source software supply chains. Through this acquisition, Checkmarx will combine its AST capabilities with Dustico’s behavioral analysis technology to give customers a unified view into the risk, reputation, and behavior of open source packages, resulting in a more comprehensive approach to preventing supply chain attacks.
According to Gartner, “by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021,”¹ making security of these networks paramount. Supply chain incidents often stem from malicious actors deliberately injecting hard-to-detect, tainted code into open source packages used in software development. While open source presents myriad benefits, developers must take reputation and credibility into consideration and apply a zero-trust security mindset to external code packages being adopted into modern applications.