Security News > 2020 > May > Eye-opening statistics about open source security, license compliance, and code quality risk
99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys.
The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.
"It's difficult to dismiss the vital role that open source plays in modern software development and deployment, but it's easy to overlook how it impacts your application risk posture from a security and license compliance perspective," said Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center.
Beyond the increased likelihood that security vulnerabilities exist, the risk of using outdated open source components is that updating them can also introduce unwanted functionality or compatibility issues.
Sixty-eight percent of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1ZZRPpcdCSg/
Related news
- FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance (source)
- Sara: Open-source RouterOS security inspector (source)
- What’s Next for Open Source Software Security in 2025? (source)
- GitHub CISO on security strategy and collaborating with the open-source community (source)
- Fleet: Open-source platform for IT and security teams (source)
- Beyond VPN: How TruGrid Simplifies RDP Deployment, Security, and Compliance (source)
- Orbit: Open-source Nuclei security scanning and automation platform (source)
- Compliance Isn’t Security: Why a Checklist Won’t Stop Cyberattacks (source)
- Misconfig Mapper: Open-source tool to uncover security misconfigurations (source)