Jul 3, 2024

Why HeroDevs Is Not Affected by the Supply Chain Attack

Understanding HeroDevs' Immunity to the Supply Chain Attack

Understanding the Threat

In a recent incident, over 100,000 websites that relied on the CDN were compromised. The attack involved malicious JavaScript being served from which would redirect mobile users to scam sites. While Cloudflare and Google have put measures in place to rewrite URLs and disable ads on malicious sites, this breach highlights the vulnerabilities in unmaintained open source and third-party services and the need for robust security practices.

HeroDevs' Robust Security Measures

At HeroDevs, we provide security and continuity for open-source software. Here’s why our customers can rest easy:

  1. Independent Infrastructure: We host our own source code and do not rely on third-party CDNs like, minimizing the risk of such attacks.
  2. External Audits: HeroDevs uses independent security firms to conduct penetration testing for our software registry and delivery mechanisms.
  3. Internal Audits: Our team follows secure software development lifecycle practices with code signing, least access principle permissions, review enforcement, two-factor access, and other industry best practices to ensure our software remains secure and up-to-date.
  4. Security as a Differentiator: HeroDevs leverages our own team’s extensive expertise in software security, as well as industry-leading SBOM and static-analysis tools to find and fix vulnerabilities before they are public.
  5. Ecosystem Sustainability: HeroDevs partners with open source software communities to provide ecosystem sustainability. When open source communities partner with HeroDevs, they ensure their users have a reliable source for software packages. When clients use HeroDevs, they can ensure that their software dependencies aren’t at risk of future website or source repository ownership changes.

Commitment to Secure Open Source Software

The incident serves as a reminder of the importance of vigilance in software supply chains, particularly with open source software. At HeroDevs, we are committed to secure software development practices and to enabling our clients to never run unsupported open source software again.

Article Summary
Learn why HeroDevs is unaffected by the recent supply chain attack. Discover our robust security measures, independent infrastructure, and commitment to secure open source software.
Greg Allen
Chief Product Officer