Detecting Security Vulnerabilities in R Packages

One of our main roles at Jumping Rivers is to set up and provide ongoing maintenance of R, Python and RStudio infrastructure. This typically involves keeping software up to date and making sure everything is running smoothly. The OSS Index developed by Sonatype is a free catalogue of open source components and scanning tools to help developers
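As an added example for the OSS Index mention above (this is not code from the original post or from Sonatype), the block below builds Package URL coordinates for a list of installed R packages and summarises the component report that OSS Index returns. It assumes the OSS Index v3 endpoint `POST https://ossindex.sonatype.org/api/v3/component-report`, which accepts `{"coordinates": [...]}` and returns one object per coordinate carrying a `vulnerabilities` list (each entry with `id`, `title` and `cvssScore`), and it assumes the purl type `cran` for CRAN packages; check both against the current OSS Index documentation. The package names and the report in the block are constructed placeholders, not real packages or advisories, so the demo runs offline.

```python
"""Build Package URL coordinates for installed R packages and summarise an
OSS Index component report.

Added example; not code from the original post or from Sonatype.
Assumptions: the OSS Index v3 component-report endpoint and request/response
shape described in the lead-in, and the purl type "cran" for CRAN packages.
"""
import json
import urllib.request

OSS_INDEX_URL = "https://ossindex.sonatype.org/api/v3/component-report"  # assumption


def cran_purl(name, version):
    """Package URL for a CRAN package, e.g. pkg:cran/name@1.0.0 (purl type assumed)."""
    return f"pkg:cran/{name}@{version}"


def parse_installed(text):
    """Parse 'name version' lines, one package per line (see usage note for R side)."""
    pkgs = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) >= 2:
            pkgs.append((parts[0], parts[1]))
    return pkgs


def fetch_report(coordinates):
    """POST the coordinates to OSS Index (network call; not run by demo() below)."""
    body = json.dumps({"coordinates": coordinates}).encode("utf-8")
    req = urllib.request.Request(
        OSS_INDEX_URL,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarise_report(report, min_cvss=0.0):
    """Flatten a component report into findings scoring >= min_cvss, highest first."""
    findings = []
    for component in report:
        for vuln in component.get("vulnerabilities", []):
            score = float(vuln.get("cvssScore") or 0.0)
            if score >= min_cvss:
                findings.append({
                    "coordinates": component.get("coordinates"),
                    "id": vuln.get("id"),
                    "title": vuln.get("title"),
                    "cvssScore": score,
                })
    findings.sort(key=lambda f: f["cvssScore"], reverse=True)
    return findings


# Constructed sample input: fictitious package names, not real CRAN packages.
SAMPLE_INSTALLED = """
fakepkgA 1.0.0
fakepkgB 2.3.1
"""

# Constructed sample response in the assumed report shape; the findings are
# placeholders, not real advisories.
SAMPLE_REPORT = [
    {"coordinates": "pkg:cran/fakepkgA@1.0.0", "vulnerabilities": []},
    {"coordinates": "pkg:cran/fakepkgB@2.3.1", "vulnerabilities": [
        {"id": "PLACEHOLDER-0001", "title": "Constructed placeholder finding", "cvssScore": 7.5},
        {"id": "PLACEHOLDER-0002", "title": "Constructed low-severity placeholder", "cvssScore": 3.1},
    ]},
]


def demo():
    """Offline walk-through: build coordinates, then summarise the sample report."""
    coords = [cran_purl(n, v) for n, v in parse_installed(SAMPLE_INSTALLED)]
    # Real use: report = fetch_report(coords)
    return coords, summarise_report(SAMPLE_REPORT, min_cvss=7.0)


if __name__ == "__main__":
    coords, high = demo()
    print(coords)
    for finding in high:
        print(finding)
```

To feed real data in, the `name version` lines can be produced from R with `write.table(installed.packages()[, c("Package", "Version")], quote = FALSE, row.names = FALSE, col.names = FALSE)`, and `fetch_report` then replaces the constructed `SAMPLE_REPORT`; OSS Index rate-limits unauthenticated requests, so batch the coordinates rather than querying one package at a time.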

R Packages: Are we too trusting?

One of the great things about R is the myriad of packages. Packages are typically installed via CRAN, Bioconductor or GitHub. But how often do we think about what we are installing? Do we pay attention, or just install when something looks neat? Do we think about security, or just assume that everything is secure?

Hacking Bioconductor

Domain squatting or URL hijacking is a straightforward attack that requires little skill. An attacker registers a domain that is similar to the target domain and hopes that a user accidentally visits the site. For example, if the domain is example.com, then a typo-squatter would register similar domains such as common misspellings: examples.com misspellings
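As an added example for the typosquatting description above (this is not code from the original post), the block below generates the classes of lookalike a squatter would register for a target domain, including the post's own examples.com, and provides an edit-distance check for screening newly observed domains against ones you own. The adjacent-key table assumes a US QWERTY layout.

```python
"""Typosquat candidates for a target domain, plus a lookalike check.

Added example for the domain-squatting description; not code from the
original post. The keyboard map is an assumption (US QWERTY layout).
"""

# Adjacent keys on a US QWERTY layout (assumption), used for fat-finger substitutions.
QWERTY_NEIGHBOURS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "wedxza", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}


def split_domain(domain):
    """'example.com' -> ('example', 'com'). Only the first label is mutated."""
    label, _, suffix = domain.lower().partition(".")
    return label, suffix


def typosquat_candidates(domain):
    """Generate the lookalike domains a squatter would register for `domain`."""
    label, suffix = split_domain(domain)
    variants = set()
    for i in range(len(label)):                      # omission: exmple
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                  # transposition: exmaple
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                      # repetition: exaample
        variants.add(label[:i + 1] + label[i] + label[i + 1:])
    for i, ch in enumerate(label):                   # adjacent key: exsmple
        for near in QWERTY_NEIGHBOURS.get(ch, ""):
            variants.add(label[:i] + near + label[i + 1:])
    variants.add(label + "s")                        # pluralisation: examples
    variants.discard(label)
    variants.discard("")
    return sorted(f"{v}.{suffix}" for v in variants)


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(candidate, target, max_distance=2):
    """True if `candidate` is within `max_distance` edits of `target` but not identical.

    Compares the whole domain, so a swapped suffix (example.co) is caught too.
    Intended for screening domains seen in logs or passive DNS against ones you own.
    """
    distance = levenshtein(candidate.lower(), target.lower())
    return 0 < distance <= max_distance


if __name__ == "__main__":
    for candidate in typosquat_candidates("example.com"):
        print(candidate)
```

The candidate list is what you would register defensively or watch for in certificate-transparency and WHOIS feeds; the distance check is the cheap inverse, flagging an unknown domain that sits one or two edits from one you control, and a threshold of 2 keeps the false-positive rate manageable for short labels.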