
Open-source software (OSS) is a critical element of the software supply chain in companies of all sizes, but new security concerns around that supply chain call for better approaches to packaging security, according to VMware.
Top-level findings from The State of the Software Supply Chain: Open Source Edition 2022 show that OSS is clearly fulfilling stakeholder expectations for cost efficiency, increased flexibility, and developer productivity.
Despite this, notable concerns and risks have reduced the number of companies that are willing to deploy open-source software in production environments this year from 95% to 90%. Two of the top three OSS concerns involve security, specifically the ability to identify and address vulnerabilities.
OSS packaging is essential to ensure the security of the OSS supply chain.
The report finds too many tools, too many manual tasks, and too many teams are involved in packaging OSS at most companies, holding them back from securing their software supply chains efficiently.
55% of respondents want centralized visibility into all scans to simplify security audits.
News URL
https://www.helpnetsecurity.com/2022/10/17/security-concerns-open-source-software-supply-chain/