The root cause of open-source risk
2023-10-05 03:00

One in eight open-source downloads today poses known and avoidable risks.

Only 11% of open-source projects are 'actively maintained'.

Open-source projects across four major ecosystems.

Suboptimal open-source consumption habits are the root cause of open-source risk, contrary to public discourse often linking security risk with open-source maintainers.

"Our industry needs to direct its efforts towards the right place. The fact that there's been a fix for almost all downloads of components with a known vulnerability tells us an immediate focus should be supporting developers on becoming better decision-makers and giving them access to the right tools. The goal is to help developers be more intentional about downloading open-source software from projects with the most maintainers and the healthiest ecosystem of contributors. This will not only create safer software but also recoup nearly 2 weeks of wasted developer time each year."

Nearly 10% of respondents reported their organizations had security breaches due to open-source vulnerabilities in the last 12 months.
News URL

https://www.helpnetsecurity.com/2023/10/05/root-cause-open-source-risk/