Lying in Wait: Uncovering Hidden Threats in Open Source Software - Strider Intel


Learn how adversarial nation-states are infiltrating open-source software ecosystems to advance their national interests and objectives.

Open source software powers everything from mobile apps to national infrastructure. But the same transparency and collaboration that make OSS powerful also leave it vulnerable to infiltration by well-resourced adversaries.

This report details how state-sponsored actors from the PRC, Russia, and North Korea are quietly embedding themselves in development communities, introducing potential backdoors and persistent threats into the software infrastructure trusted by businesses and governments.

Through case studies, real-world data, and Strider’s proprietary analysis, Lying in Wait introduces a contributor-centric model for assessing software risk. By shifting the focus from just what the code does to who’s writing and maintaining it, organizations can expose hidden threats traditional scanning tools miss.

Understand the people behind the code before trust is misplaced.


21% of contributors to OpenVINO, a high-profile AI codebase, had non-zero risk scores.

1,000,000 downloads of an open-source toolkit containing code from Russia-linked contributors, each of whom was flagged with a risk score of 4, the highest possible threat level.

72% of organizations were still seeing active Log4Shell exploitation events two years after the vulnerability was first disclosed, underscoring how long the tail of OSS threats can be.