Security News > 2021 > April > Open source security, license compliance, and maintenance issues are pervasive in every industry

Open source security, license compliance, and maintenance issues are pervasive in every industry
2021-04-15 05:30

The report highlights trends in open source usage within commercial applications and provides insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of.

It also details the pervasive risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues.

"Unlike commercial software, where vendors can push information to their users, open source relies on community engagement to thrive. When an open source component is adopted into a commercial offering without that engagement, project vitality can easily wane. Orphaned projects aren't a new problem, but when they occur, addressing security issues becomes that much harder. The solution is a simple one - invest in supporting those projects you depend upon for your success."

Beyond the obvious security implications of neglecting to apply patches, the use of outdated open source components can contribute to unwieldy technical debt in the form of functionality and compatibility issues associated with future updates.

Over 90% of the audited codebases contained open source components with license conflicts, customized licenses, or no license at all.

65% of the codebases audited in 2020 contained open source software license conflicts, typically involving the GNU GPL. 26% of the codebases were using open source with no license or a customized license.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/3rZJbYsXGq4/