New security concerns for the open-source software supply chain (Security News, October 2022)
Open-source software (OSS) is a critical element of the software supply chain at companies of all sizes, but new security concerns around the OSS supply chain call for better approaches to packaging security, according to VMware.
Top-level findings from The State of the Software Supply Chain: Open Source Edition 2022 show that OSS is clearly meeting stakeholder expectations for cost efficiency, increased flexibility and developer productivity.
Despite this, notable concerns and risks have reduced the share of companies willing to deploy open-source software in production environments this year from 95% to 90%. Two of the top three OSS concerns involve security, specifically the ability to identify and remediate vulnerabilities in the open-source components a company ships.
OSS packaging is essential to ensure the security of the OSS supply chain.
The report finds that too many tools, too many manual tasks and too many teams are involved in packaging OSS at most companies, which holds them back from securing their software supply chains efficiently.
55% of respondents want centralized visibility into all scans in order to simplify security audits.
News URL: https://www.helpnetsecurity.com/2022/10/17/security-concerns-open-source-software-supply-chain/
Related news
- Osmedeus: Open-source workflow engine for offensive security
- Am I Isolated: Open-source container security benchmark
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
- Debunking myths about open-source security
- AxoSyslog: Open-source scalable security data processor
- Update your OpenWrt router! Security issue made supply chain attack possible
- Vanir: Open-source security patch validation for Android