How open source security flaws pose a threat to organizations (Security News, April 2021)

How do such products fare on security? Though the community-based approach toward open source means that security flaws should be identified quickly, patching those flaws and applying the patches is another matter.
In a report released Tuesday, design automation company Synopsys looked at commercial applications that use open source code to see how they dealt with security flaws.
Some 98% of the codebases in the healthcare sector contained open source, and 67% of them had security flaws.
Some 92% of the codebases analyzed in the retail and e-commerce sector used open source, and 71% were found to have security flaws.
A full 91% of the codebases had open source dependencies with no development activity over the past two years, which means no improvements in code and no security patches.
Outdated open source components also played a role in security flaws.