Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US
Summary
Open source software called Easyjson, created in Moscow and owned by VK (Russian Facebook), which has since been sanctioned, has raised national security concerns among US authorities.
Easyjson is used by the US Department of Defense and across several industries, raising worries that Russia could tamper with it as an act of cyberwarfare.
Despite sanctions, VK remains unpunished by tech companies, while Apple removed VK's app from its app store following UK sanctions against VK leaders.
Hunted Labs, the security company that informed US authorities of Easyjson, is researching other open source projects and the associated risks that they may pose.
It comes after a Linux maintainer removed Russian developers over sanctions last year, while the Linux Foundation has issued guidance on how sanctions may impact open source.
There is an increasing focus on supply chain security and the geopolitical implications of open source projects.