Replying to Ava

GitHub has a major problem with fake rankings, which could put users at risk of attack

Don’t trust GitHub stars, report warns

https://www.techradar.com/pro/security/github-has-a-major-problem-with-fake-rankings-which-could-put-users-at-risk-of-attack

What you need to know:

- GitHub faces a significant issue with fake star ratings, with approximately 4.5 million fake stars identified across nearly 23,000 repositories

- Stars on GitHub function similarly to social media likes and influence a repository's visibility and ranking on the platform

- GitHub's repository rankings and recommendations are heavily dependent on the number of stars a repository receives

- Malicious actors create automated accounts to artificially inflate star counts on suspicious repositories to spread malware

- A collaborative study by Carnegie Mellon University, Socket Inc, and North Carolina State University uncovered this widespread problem

- The researchers identified 1.32 million accounts responsible for creating fake stars, demonstrating the scale of the issue

- GitHub has recognized the problem and is taking measures to combat fraudulent users and repositories

- The platform is described as central to modern open-source software development, making this security issue particularly concerning

- Users are now advised to look beyond star counts and consider factors such as repository activity, authenticity, and code quality

- The problem has shown an increasing trend throughout 2024, indicating a growing threat to the platform's integrity

#IKITAO #Tech #OpenSource #Security

Microsoft-owned GitHub is WAY too centralized
