Malicious Packages Don't Fit the Vulnerability Intelligence Model
The article discusses how malicious software packages in open-source ecosystems don't align with traditional vulnerability intelligence models. It explains that these packages are intentionally harmful from the moment they are created, unlike vulnerabilities, which emerge in otherwise legitimate software. This fundamental difference requires distinct approaches to detection and response.