Eye-opening statistics about open source security, license compliance, and code quality risk (Security News, May 2020)

99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys.
The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.
"It's difficult to dismiss the vital role that open source plays in modern software development and deployment, but it's easy to overlook how it impacts your application risk posture from a security and license compliance perspective," said Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center.
Beyond the increased likelihood that known security vulnerabilities are present, outdated open source components carry a second risk: updating them after a long delay can introduce unwanted functionality or compatibility issues.
Sixty-eight percent of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license.
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/1ZZRPpcdCSg/