This paper surveys previous attacks related to building open source software, including attacks against Sendmail, OpenSSH and IRSSI. It then shows how three popular build tools for Java (Apache Ant, Maven and Ivy) are commonly misused in ways that make them susceptible to cross-build injection (XBI) vulnerabilities, which can allow attackers to insert Trojans, back doors, or other malicious code.
Download the paper in PDF format here.