Package maintainers for open source framework PyTorch have said a malicious dependency imitating one of its own was available on a prominent code repository during the holiday season.
The dependency confusion attack included submitting a malicious version of the torchtriton dependency to the Python Package Index (PyPI), an online package repository for Python developers. The ...
To continue reading this article...
Join Computing
- Unlimited access to real-time news, analysis and opinion from the technology industry
- Receive important and breaking news in our daily newsletter
- Be the first to hear about our events and awards programmes
- Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
- Access to the Computing Delta hub providing market intelligence and research
- Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders