Malware in Open Source Ecosystems: Everyone’s Problem, No One’s Program
Open source malware is no longer just a concern for security researchers. It's already on your developer machines and moving through your CI/CD pipelines, and in many cases it's already in production.
Yet for most organizations, defending against it remains fragmented, under-resourced, and owned by no one in particular. In this webinar, we’ll cover the latest findings from our “Malware in Open Source Ecosystems” report, which analyzes malware advisories in the Open Source Vulnerability (OSV) database and npm package metadata. Spoiler: the numbers are stark.
- OSV malware advisories grew roughly 14x in just two years (with over 90% of all advisories ever filed coming in 2025 alone)
- npm account takeover advisories have surged 12x year-over-year
- 81% of organizations say malicious OSS is a top security priority (but only 48% expect budget to follow)
But there is some good news. Organizations can improve their malware security posture by following best practices and implementing sensible technical controls. This webinar will give you a checklist of things to implement, based on a combination of data from our research team and the practices we use to protect ourselves.