"Fortify has identified a new class of bug that is designed to
take advantage of the atmosphere of trust that occurs while
developers are playing with open source code. It's called
'build-process injection,' a Trojan horse that allows hackers to
insert malicious code into the target program while it is being
"In this case, hackers can surreptitiously replace source code
sitting in the repository with an infected version. The result is
that the Trojan horse could start doing its dirty work before the
application ever gets to test phase, or depending on the design of
the malware, at any point thereafter..."