
Open source software has its perks, but supply chain risks can't be ignored
2023-02-22 12:46

Analysis: Open source components play an increasingly central role in software development, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates.

In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four of 17 industries studied - computer hardware and chips, cybersecurity, energy and clean tech, and the Internet of Things - open source software was in 100 percent of audited codebases.

The SolarWinds attack put a lot of focus on software supply chain security.

Building on President Biden's May 2021 cybersecurity executive order, the White House, through the Office of Management and Budget, in September 2022 directed federal agencies to follow NIST's secure software development guidance when acquiring third-party software. Agencies must obtain a self-attestation from the software producer that the product was developed in line with that guidance and, where the agency requires it, a software bill of materials (SBOM) listing the product's components.

Vendors have a broad array of efforts under way to harden the security of the software supply chain.

These include multi-vendor frameworks such as the Open Software Supply Chain Attack Reference (OSC&R), data formats such as the Vulnerability Exploitability eXchange (VEX), which lets a supplier state whether a known vulnerability in a component actually affects a given product, and other products being developed by cybersecurity vendors.
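The practical value of VEX is that it lets a consumer discard the scanner findings a supplier has already shown to be unexploitable, leaving a shorter list that still needs action. The script below is an added example, not code from the article or from any vendor or project it names: it joins a hand-constructed SBOM, a hand-constructed VEX document and a constructed list of scanner findings. The JSON layout is simplified and the status vocabulary (affected, not_affected, fixed, under_investigation) borrows from OpenVEX, so it is not a conformant parser for CycloneDX or OpenVEX, and the vulnerability identifiers are placeholders rather than real advisories. Its one deliberate edge case is that a not_affected claim without a justification is not accepted as a suppression.

```python
"""Triage scanner findings against an SBOM plus a VEX document (added example)."""
import json
from collections import defaultdict

# Constructed, simplified SBOM: an inventory of components keyed by package URL.
SBOM_JSON = """
{
  "components": [
    {"name": "requests", "version": "2.25.0", "purl": "pkg:pypi/requests@2.25.0"},
    {"name": "urllib3",  "version": "1.26.4", "purl": "pkg:pypi/urllib3@1.26.4"},
    {"name": "flask",    "version": "2.0.1",  "purl": "pkg:pypi/flask@2.0.1"},
    {"name": "lodash",   "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"}
  ]
}
"""

# Constructed VEX statements. Status values follow OpenVEX; the document shape is
# simplified and the EXAMPLE-* identifiers are placeholders, not real advisories.
VEX_JSON = """
{
  "statements": [
    {"vulnerability": "EXAMPLE-0001", "products": ["pkg:pypi/requests@2.25.0"],
     "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": "EXAMPLE-0002", "products": ["pkg:npm/lodash@4.17.20"],
     "status": "affected", "action_statement": "upgrade to 4.17.21"},
    {"vulnerability": "EXAMPLE-0003", "products": ["pkg:pypi/urllib3@1.26.4"],
     "status": "not_affected"},
    {"vulnerability": "EXAMPLE-0004", "products": ["pkg:pypi/flask@2.0.1"],
     "status": "under_investigation"}
  ]
}
"""

# Constructed scanner output: (vulnerability id, component purl) pairs.
FINDINGS = [
    {"id": "EXAMPLE-0001", "purl": "pkg:pypi/requests@2.25.0"},  # suppressed by VEX
    {"id": "EXAMPLE-0002", "purl": "pkg:npm/lodash@4.17.20"},    # supplier says affected
    {"id": "EXAMPLE-0003", "purl": "pkg:pypi/urllib3@1.26.4"},   # not_affected, no justification
    {"id": "EXAMPLE-0004", "purl": "pkg:pypi/flask@2.0.1"},      # still under investigation
    {"id": "EXAMPLE-0005", "purl": "pkg:pypi/flask@2.0.1"},      # no VEX statement at all
    {"id": "EXAMPLE-0006", "purl": "pkg:pypi/django@3.2.0"},     # component not in the SBOM
]


def index_vex(vex):
    """Map (vulnerability id, product purl) -> the statement covering that pair."""
    index = {}
    for stmt in vex["statements"]:
        for purl in stmt["products"]:
            index[(stmt["vulnerability"], purl)] = stmt
    return index


def triage(sbom_json, vex_json, findings):
    """Sort findings into actionable / suppressed / untriaged / not_in_sbom buckets."""
    inventory = {c["purl"] for c in json.loads(sbom_json)["components"]}
    statements = index_vex(json.loads(vex_json))
    buckets = defaultdict(list)
    for finding in findings:
        key = (finding["id"], finding["purl"])
        if finding["purl"] not in inventory:
            # A finding against something the SBOM does not list means the
            # inventory and the scan disagree; that is a problem in its own right.
            buckets["not_in_sbom"].append(key)
            continue
        stmt = statements.get(key)
        if stmt is None:
            buckets["untriaged"].append(key)
            continue
        status = stmt.get("status")
        if status == "not_affected":
            # Only accept a not_affected claim that carries a justification.
            bucket = "suppressed" if stmt.get("justification") else "untriaged"
            buckets[bucket].append(key)
        elif status == "fixed":
            buckets["suppressed"].append(key)
        elif status == "affected":
            buckets["actionable"].append(key)
        else:  # under_investigation or an unknown status: keep it on the list
            buckets["untriaged"].append(key)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in sorted(triage(SBOM_JSON, VEX_JSON, FINDINGS).items()):
        print(f"{bucket}: {len(items)}")
        for vuln_id, purl in items:
            print(f"  {vuln_id}  {purl}")
```

Run as-is, the script reports one suppressed finding, one actionable one, three untriaged (including the unjustified not_affected claim) and one component the SBOM never listed; the last two categories are what an agency or consumer would push back to the supplier on.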


News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/22/open_software_supply_chain_risks/