Software installation from safe sources

Software is installed from known good sources? Yes / No

Pirated software is riddled with malware. Team members install software coming from legit sources only, reducing the risk that the software comes with malware.

Safe software channels include:

• App stores by operating system vendors
• Official, signed, UNIX distribution repositories
• Programming community package repositories

Basic security understanding and cyberhygiene should still be applied when installing from safe channels (e.g., Google Play is known to host several rigged applications).

Even if malware is not targeting the project itself, malware authors inspect infected computers for high-value targets and may open an attack if they notice such a successful infection.

Applies for: Everyone

Related incidences:

• XCode
• SquirrelMail

Links:

• Malware that Just Won’t Give Up on Google Play (Avast)
• PEP 0458 – Surviving a Compromise of PyPI