Security
Jul 3, 2024

Why HeroDevs Is Not Affected by the Polyfill.io Supply Chain Attack

Understanding HeroDevs' Immunity to the Polyfill.io Supply Chain Attack

Understanding the Threat

In a recent incident, over 100,000 websites that relied on the polyfill.io CDN were compromised. The attack involved malicious JavaScript being served from polyfill.io that redirected mobile users to scam sites. While Cloudflare and Google have put measures in place to rewrite URLs and disable ads on malicious sites, this breach highlights the vulnerabilities in unmaintained open source and third-party services and the need for robust security practices.
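The exposure described above is a page loading script from a host the site owner does not control. The following is an added example, not HeroDevs code and not part of the original post: a small audit script that lists every external `<script src>` in an HTML document, flags the ones served from a third-party host, and reports whether a Subresource Integrity (`integrity`) attribute pins their content. The sample HTML, the hostnames `www.example.com` and `cdn.example.net`, and the `sha384-PLACEHOLDER` hash are constructed for the demonstration; only `polyfill.io` comes from the article.

```python
"""Audit an HTML document for third-party <script src> includes.

Added example (not HeroDevs code). Standard library only, so it runs offline
against saved page sources or templates.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect the attribute dict of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            attr_map = dict(attrs)
            if attr_map.get("src"):
                self.scripts.append(attr_map)


def audit_scripts(html: str, own_host: str):
    """Return one finding per external script: src, host, third_party, has_sri."""
    collector = ScriptCollector()
    collector.feed(html)
    own_host = own_host.lower()
    findings = []
    for attrs in collector.scripts:
        src = attrs["src"]
        # urlparse gives an empty netloc for relative paths ("/static/app.js")
        # and the bare host for protocol-relative URLs ("//cdn.example.net/x.js").
        host = urlparse(src).netloc.lower()
        third_party = bool(host) and host != own_host
        findings.append({
            "src": src,
            "host": host or own_host,
            "third_party": third_party,
            # An integrity attribute makes the browser refuse a swapped-in file.
            "has_sri": bool(attrs.get("integrity")),
        })
    return findings


def unpinned_third_party(findings):
    """Scripts a remote host could replace without the browser noticing."""
    return [f for f in findings if f["third_party"] and not f["has_sri"]]


# Constructed sample page; hostnames other than polyfill.io are placeholders.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://www.example.com/js/vendor.js"></script>
<script src="https://polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//cdn.example.net/widget.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>console.log("inline scripts have no src and are skipped");</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    results = audit_scripts(SAMPLE_HTML, "www.example.com")
    for f in results:
        flag = "THIRD-PARTY, NO SRI" if f["third_party"] and not f["has_sri"] else "ok"
        print(f"{f['host']:<20} {f['src']:<55} {flag}")
    print(f"{len(unpinned_third_party(results))} unpinned third-party script(s)")
```

The `integrity` check is a useful signal but not a complete fix: SRI can only pin a file whose bytes never change, and polyfill.io tailored its bundle to each visitor's User-Agent, so a hash could not have been set for it. For that kind of service the finding should be resolved the way the article's first point does, by serving a fixed copy of the script from infrastructure the site controls.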

HeroDevs' Robust Security Measures

At HeroDevs, we provide security and continuity for open-source software. Here’s why our customers can rest easy:

  1. Independent Infrastructure: We host our own source code and do not rely on third-party CDNs like polyfill.io, minimizing the risk of such attacks.
  2. External Audits: HeroDevs uses independent security firms to conduct penetration testing for our software registry and delivery mechanisms.
  3. Internal Audits: Our team follows secure software development lifecycle practices, including code signing, least-privilege permissions, enforced code review, two-factor access, and other industry best practices, to ensure our software remains secure and up-to-date.
  4. Security as a Differentiator: HeroDevs leverages our own team’s extensive expertise in software security, as well as industry-leading SBOM and static-analysis tools to find and fix vulnerabilities before they are public.
  5. Ecosystem Sustainability: HeroDevs partners with open source software communities to provide ecosystem sustainability.  When open source communities partner with HeroDevs, they ensure their users have a reliable source for software packages.  When clients use HeroDevs, they can ensure that their software dependencies aren’t at risk of future website or source repository ownership changes.

Commitment to Secure Open Source Software

The polyfill.io incident serves as a reminder of the importance of vigilance in software supply chains, particularly with open source software. At HeroDevs we are committed to secure software development practices and to enabling our clients to never run unsupported open source software again.

. . .
About HeroDevs

HeroDevs partners with open-source authors to offer comprehensive solutions for sunsetted open-source software. Our Never-Ending Support products ensure businesses remain secure and compliant, even as their depended-upon open-source packages reach end-of-life. Alongside this, our elite team of software engineers and architects provides expert consulting and engineering services, assisting clients in migrating from deprecated packages and modernizing their technology stacks.

Article Summary
Learn why HeroDevs is unaffected by the recent Polyfill.io supply chain attack. Discover our robust security measures, independent infrastructure, and commitment to secure open source software.
Author
Greg Allen
Chief Product Officer