Eye-opening statistics about open source security, license compliance, and code quality risk
Security News, May 2020
99% of the commercial codebases Synopsys audited contain at least one open source component, and open source makes up 70% of the code overall, according to the company's 2020 Open Source Security and Risk Analysis (OSSRA) report.
The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.
"It's difficult to dismiss the vital role that open source plays in modern software development and deployment, but it's easy to overlook how it impacts your application risk posture from a security and license compliance perspective," said Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center.
Outdated open source components carry a second risk beyond the increased likelihood that known security vulnerabilities exist in them: once a component has fallen far behind its current release, updating it can also introduce unwanted functionality or compatibility issues, so the upgrade that closes the vulnerability is itself a change that has to be tested.
Sixty-eight percent of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license.
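The figures above are the output of an audit that matches a component inventory against advisory data and a license policy. As an added illustration, not code from Synopsys or from the article, the Python below runs that audit over a constructed inventory: each component is matched against constructed advisories shaped like OSV introduced/fixed version ranges, checked against a copyleft policy for a proprietary product, flagged when it has no identifiable license or is more than four years old, and any fix that requires a major-version jump is called out separately, since that is where the compatibility risk of updating lives. All package names, advisory identifiers, dates and the four-year threshold are assumptions made for the example.

```python
"""Audit a dependency inventory for the risk classes the Synopsys figures count:
known vulnerabilities, license conflicts and components with no identifiable
license, plus the age and upgrade-risk caveat.
Added example; every component, advisory and policy value below is constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


def parse_version(v: str) -> tuple:
    """Dotted numeric versions only (assumption: no pre-release tags)."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Component:
    name: str
    version: str
    license: Optional[str]   # SPDX identifier, or None if nothing identifiable was found
    released: date           # release date of this exact version


# Constructed advisories shaped like OSV "introduced"/"fixed" ranges:
# a version is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-2020-0001", "package": "libfoo", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "EXAMPLE-2020-0002", "package": "barjs", "introduced": "0.0.0", "fixed": "3.0.0"},
]

# Constructed policy: licenses that conflict with distributing a proprietary product.
COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}
MAX_AGE_DAYS = 4 * 365  # assumed threshold for "outdated"


def matching_advisories(c: Component) -> List[dict]:
    v = parse_version(c.version)
    return [a for a in ADVISORIES
            if a["package"] == c.name
            and parse_version(a["introduced"]) <= v < parse_version(a["fixed"])]


def license_finding(c: Component, proprietary: bool = True) -> Optional[str]:
    if c.license is None:
        return "no identifiable license"
    if proprietary and c.license in COPYLEFT:
        return f"{c.license} conflicts with proprietary distribution"
    return None


def audit_component(c: Component, today: date, proprietary: bool = True) -> dict:
    advisories = matching_advisories(c)
    # A fix that crosses a major version is the upgrade most likely to change
    # behaviour or break compatibility, so it is reported on its own.
    major_jump = any(parse_version(a["fixed"])[0] > parse_version(c.version)[0]
                     for a in advisories)
    return {
        "vulns": [a["id"] for a in advisories],
        "fix_versions": sorted({a["fixed"] for a in advisories}),
        "upgrade_is_major_jump": major_jump,
        "license": license_finding(c, proprietary),
        "outdated": (today - c.released).days > MAX_AGE_DAYS,
    }


def audit(components: List[Component], today: date, proprietary: bool = True) -> Dict[str, dict]:
    return {f"{c.name}@{c.version}": audit_component(c, today, proprietary) for c in components}


def summarize(findings: Dict[str, dict]) -> Dict[str, int]:
    """Percent of components in each risk class, mirroring how the report counts codebases."""
    n = len(findings)
    pct = lambda pred: round(100 * sum(1 for f in findings.values() if pred(f)) / n)
    return {
        "vulnerable_pct": pct(lambda f: f["vulns"]),
        "license_conflict_pct": pct(lambda f: f["license"] and "conflicts" in f["license"]),
        "no_license_pct": pct(lambda f: f["license"] == "no identifiable license"),
        "outdated_pct": pct(lambda f: f["outdated"]),
    }


# Constructed inventory standing in for the SBOM of one codebase.
INVENTORY = [
    Component("libfoo", "1.2.0", "MIT", date(2015, 6, 1)),
    Component("barjs", "2.0.5", "GPL-3.0-only", date(2019, 11, 20)),
    Component("qux", "0.9.1", None, date(2018, 1, 15)),
    Component("zlibby", "1.0.0", "Apache-2.0", date(2020, 1, 1)),
]
AUDIT_DATE = date(2020, 5, 12)  # assumed "today" so the age check is reproducible

if __name__ == "__main__":
    findings = audit(INVENTORY, AUDIT_DATE)
    for ref, finding in findings.items():
        print(ref, finding)
    print(summarize(findings))
```

Run against a real inventory you would swap the constructed lists for an SBOM parser and an advisory feed such as OSV, and replace the numeric version compare with the ecosystem's own ordering rules; the policy set and age threshold are the parts a team has to decide for itself.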
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/1ZZRPpcdCSg/
Related news
- BLint: Open-source tool to check the security properties of your executables
- OWASP dep-scan: Open-source security and risk audit tool
- Achieve security compliance with Wazuh File Integrity Monitoring
- Security providers view compliance as a high-growth opportunity
- Open-source security in AI
- Managing Cloud Security Posture: Continuous Monitoring and Hardening for Visibility and Compliance
- Enhancing security through collaboration with the open-source community
- SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting
- Cilium: Open-source eBPF-based networking, security, observability