Mu gihe ikoranabuhanga rikomeje kwinjira mu nzego zose z’ubuzima, abahanga mu mutekano wa internet batangaje igitero gikomeye cyibasiye Open Source packages zikoreshwa n’ibigo bikomeye by’ikoranabuhanga ku Isi hose.
Raporo nshya yasohowe n’impuguke mu by’umutekano wa internet igaragaza ko hackers bashoboye kwinjiza code mbi muri zimwe mu packages zikoreshwa n’abakora software ku rwego mpuzamahanga. Iki gitero cyibasiye cyane ububiko bwa npm na PyPI, ari bwo bubiko bunini cyane bwifashishwa n’abakora porogaramu za JavaScript na Python.
Abahanga bavuga ko ikibazo gikomeye ari uko izi packages zishobora kuba zikoreshwa n’ibihumbi cyangwa miliyoni z’abakora software batabizi. Iyo package imwe yinjizwemo code mbi, ishobora gukwirakwira mu zindi porogaramu nyinshi ku Isi hose.
Open Source ni iki?
Open Source ni software cyangwa code iba ifunguye ku buryo buri wese ashobora kuyikoresha, kuyivugurura cyangwa kuyongeramo ibindi bikorwa. Ibigo byinshi bikomeye nka Google, Microsoft, Amazon na Meta bikoresha Open Source mu bikorwa byabyo bya buri munsi.
Ibi bituma Open Source iba inkingi ikomeye y’ikoranabuhanga rigezweho, ariko nanone bikaba byorohereza hackers kuyibasira kuko ikoreshwa ahantu henshi icyarimwe.
Uko hackers bakoze iki gitero
Raporo yerekana ko hackers bakoresheje uburyo buzwi nka Supply Chain Attack, aho batibasira ikigo runaka ahubwo bibasira software ikoreshwa n’ibigo byinshi icyarimwe.
Bashoboye gushyira code mbi muri packages zimwe na zimwe ku buryo umuntu uzikuramo cyangwa akazishyira muri porogaramu ze aba yinjijemo malware atabizi.
Iyo malware ishobora:
- Kwiba amakuru y’ibanga
- Gukurikirana ibikorwa by’abakoresha
- Kwangiza systems za mudasobwa
- Gufungura amarembo yemerera hackers kwinjira muri network z’ikigo
Ingaruka ku bigo bikomeye
Abasesenguzi bavuga ko iki gitero gishobora kugira ingaruka ku bigo byinshi bikoresha software zishingiye kuri Open Source.
Nubwo ibigo byinshi bikoresha uburyo bwo kugenzura umutekano wa software mbere yo kuyikoresha, hari impungenge ko zimwe muri packages zishobora kuba zarakwirakwiriye mu mishinga myinshi mbere y’uko ikibazo kigaragara.
Ibi bishobora gutuma ibigo bisabwa gusuzuma software zose bikoresha kugira ngo hamenyekane niba harimo packages zahuye n’iki kibazo.
Kuki ikibazo cya Supply Chain Attack gikomeye?
Mu myaka mike ishize, ibitero bya Supply Chain Attack byiyongereye cyane ku Isi. Abahanga bavuga ko hackers basanze ari uburyo bworoshye bwo kwibasira abantu benshi icyarimwe.
Mu gusatira software ikoreshwa n’abantu benshi, hacker umwe ashobora kugira ingaruka ku bihumbi cyangwa miliyoni z’abakoresha atarinze kubatera umwe ku wundi.
Ibi ni byo byatumye ibigo byinshi by’ikoranabuhanga byongera ishoramari mu mutekano wa software no kugenzura code zikoreshwa mu bikorwa byabyo.
AI nayo iri kugira uruhare mu mutekano wa software
Abahanga bavuga ko Artificial Intelligence iri gufasha mu gutahura code mbi no kumenya intege nke muri software hakiri kare.
Icyakora nanone hackers bamwe batangiye gukoresha AI mu gushaka uburyo bushya bwo kwinjira muri systems z’ibigo no gukora malware zikomeye kurushaho.
Ibi bituma habaho isiganwa rikomeye hagati y’abarinda umutekano wa internet n’abashaka kuwuhungabanya.
Icyo abakoresha software basabwa gukora
Impuguke mu mutekano wa internet zisaba abakora software n’ibigo:
- Kuvugurura packages bakoresha buri gihe
- Kugenzura inkomoko ya software mbere yo kuyishyira muri systems zabo
- Gukoresha tools zisuzuma vulnerabilities
- Gukurikirana amakuru mashya ajyanye n’umutekano wa software
Bavuga ko gukoresha Open Source bikomeza kuba ingenzi, ariko bikwiye kujyana n’ubwitonzi kugira ngo hirindwe ingaruka ziterwa n’ibitero nk’ibi.
Umutekano wa internet ukomeje kuba ikibazo gikomeye
Mu gihe Isi irushaho kwishingikiriza ku ikoranabuhanga, umutekano wa internet ukomeje kuba imwe mu mbogamizi zikomeye ku bigo n’ibihugu.
Abasesenguzi bavuga ko ibitero nk’ibi byerekana ko hakenewe ubufatanye hagati y’abakora software, ibigo by’ikoranabuhanga n’inzego z’umutekano kugira ngo hongerwe ubwirinzi ku bikorwa remezo by’ikoranabuhanga bikomeje gushingirwaho n’ubukungu bw’Isi.
