CAPEC-691: Spoof Open-Source Software Metadata
An adversary spoofs open-source software metadata in an attempt to masquerade malicious software as popular, maintained, and trusted.
Overview
Due to open-source software's popularity, it serves as a desirable attack vector for adversaries, since a single malicious component may result in the exploitation of numerous systems/applications. Adversaries may, therefore, spoof the metadata pertaining to the open-source software in order to trick victims into downloading and using their malicious software. Examples of metadata that may be spoofed include:

- Owner of the software (e.g., repository or package owner)
- Author(s) of repository commits
- Frequency of repository commits
- Date/Time of repository commits
- Package or Repository "stars"

Once the malicious software component has been integrated into an underlying application or executed on a system, the adversary is ultimately able to achieve numerous negative technical impacts within the system/application. This often occurs without any indication of compromise.
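The commit-level metadata listed above (authors, dates, frequency) can be audited rather than taken at face value. The following is an added example, not part of the CAPEC entry: it parses a constructed sample in the shape of `git log --format='%H|%an|%ae|%aI|%cI|%G?'` output for a hypothetical repository and flags commits whose signature is unverified, whose author is not a known maintainer, whose display name impersonates a maintainer under a different e-mail, whose author date is far from its commit date (back-dated history), or that arrive in a suspicious burst. The maintainer list, thresholds and sample commits are assumptions.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed sample (hypothetical repo): sha|author name|author email|author date|commit date|signature status
# %G? yields "G" for a good signature and "N" for no signature.
SAMPLE_LOG = """\
a1|Alice Maintainer|alice@example.org|2024-03-01T10:00:00+00:00|2024-03-01T10:00:00+00:00|G
b2|Alice Maintainer|alice@example.org|2021-06-15T09:00:00+00:00|2024-03-01T10:05:00+00:00|N
c3|Alice Maintainer|alice@attacker.example|2024-03-01T10:06:00+00:00|2024-03-01T10:06:00+00:00|N
d4|Bob Maintainer|bob@example.org|2024-03-01T10:07:00+00:00|2024-03-01T10:07:00+00:00|N
"""

# Assumed allow-list of maintainer e-mails, e.g. taken from a project's MAINTAINERS file.
KNOWN_MAINTAINERS: Set[str] = {"alice@example.org", "bob@example.org"}


def parse_log(text: str) -> List[Dict]:
    """Turn the pipe-separated log lines into commit records with parsed timestamps."""
    commits = []
    for line in text.splitlines():
        sha, name, email, adate, cdate, sig = line.split("|")
        commits.append({"sha": sha, "name": name, "email": email,
                        "author_date": datetime.fromisoformat(adate),
                        "commit_date": datetime.fromisoformat(cdate), "sig": sig})
    return commits


def audit_commits(commits: List[Dict], known: Set[str],
                  burst_window: timedelta = timedelta(minutes=10), burst_count: int = 3) -> Dict[str, List[str]]:
    """Return {sha: [reasons]} for every commit whose metadata shows a spoofing signal."""
    # Display names that a known maintainer actually uses; reuse under an unknown e-mail is impersonation.
    known_names = {c["name"] for c in commits if c["email"] in known}
    ordered = sorted(commits, key=lambda c: c["commit_date"])
    findings: Dict[str, List[str]] = {}
    for c in ordered:
        reasons = []
        if c["sig"] != "G":
            reasons.append("unverified-signature")
        if c["email"] not in known:
            reasons.append("unknown-author")
        if c["name"] in known_names and c["email"] not in known:
            reasons.append("name-email-mismatch")
        if abs(c["commit_date"] - c["author_date"]) > timedelta(days=1):
            reasons.append("author-date-skew")  # history re-dated to look older or more active
        # Count commits landing within burst_window before this one (inflated activity).
        recent = [o for o in ordered if timedelta(0) <= c["commit_date"] - o["commit_date"] <= burst_window]
        if len(recent) >= burst_count:
            reasons.append("commit-burst")
        if reasons:
            findings[c["sha"]] = reasons
    return findings


def run_sample() -> Dict[str, List[str]]:
    return audit_commits(parse_log(SAMPLE_LOG), KNOWN_MAINTAINERS)


if __name__ == "__main__":
    for sha, reasons in run_sample().items():
        print(sha, ", ".join(reasons))
```

Commit `a1` produces no finding; the remaining three are flagged, with `c3` showing the strongest combination of signals.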