Security News > 2021 > April > How open source security flaws pose a threat to organizations
How do such products fare on security? Though the community-based approach toward open source means that security flaws should be identified quickly, patching those flaws and applying the patches is another matter.
In a report released Tuesday, design automation company Synopsys looked at commercial applications that use open source code to see how they dealt with security flaws.
Some 98% of the codebases in the healthcare sector contained open source, and 67% of them had security flaws.
92% of the codebases analyzed in the retail and e-commerce sector used open source, with 71% discovered with security flaws.
A full 91% of the codebases had open source dependencies with no development activity over the past two years, which means no improvements in code and no security patches.
Outdated open source components also played a role in security flaws.
News URL
Related news
- OpenCTI: Open-source cyber threat intelligence platform (source)
- More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals (source)
- Cyber Security and IT Leadership: A Growing Threat to Australia’s Renewable Energy Efforts (source)
- Microsoft security tools questioned for treating employees as threats (source)
- Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed (source)
- CrowdSec: Open-source security solution offering crowdsourced protection (source)
- Paid open-source maintainers spend more time on security (source)
- Certainly: Open-source offensive security toolkit (source)
- Open source maintainers: Key to software health and security (source)
- Suricata: Open-source network analysis and threat detection (source)