New security concerns for the open-source software supply chain (Security News, October 2022)
Open-source software is a critical element of the software supply chain in companies of all sizes, but new security concerns for the open-source software supply chain call for better approaches to packaging security, according to VMware.
Top-level findings from The State of the Software Supply Chain: Open Source Edition 2022 show that OSS is clearly fulfilling stakeholder expectations for cost efficiency, increased flexibility, and developer productivity.
Despite this, notable concerns and risks have reduced the number of companies that are willing to deploy open-source software in production environments this year from 95% to 90%. Two of the top three OSS concerns involve security, specifically the ability to identify and address vulnerabilities.
OSS packaging is essential to ensuring the security of the OSS supply chain.
The report finds that too many tools, too many manual tasks, and too many teams are involved in packaging OSS at most companies, holding them back from securing their software supply chains efficiently.
55% of respondents want centralized visibility into all scans to simplify security audits.
News URL
https://www.helpnetsecurity.com/2022/10/17/security-concerns-open-source-software-supply-chain/
Related news
- Open source maintainers: Key to software health and security
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
- Osmedeus: Open-source workflow engine for offensive security
- Am I Isolated: Open-source container security benchmark
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
- Debunking myths about open-source security
- AxoSyslog: Open-source scalable security data processor