Open Source Flaws Found in 84% of Codebases

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

More than four out of five (84%) codebases contain at least one known open source vulnerability.

The figures come from Synopsys’ new Open Source Security and Risk Analysis Report (OSSRA), which mentions an almost 4% increase compared to last year.

The research document also mentions a 163% growth in the edtech sector’s adoption of open source, followed by the aerospace, aviation, automotive, transportation and logistics sectors (97%) and manufacturing and robotics (74%).

“The key to managing open source risk at the speed of modern development is maintaining complete visibility of application contents,” commented Mike McGuire, senior software solutions manager within the Synopsys Software Integrity Group.

“By building this visibility into the application lifecycle, businesses can arm themselves with the information needed to make informed, timely decisions regarding risk resolution.”

High-risk flaws over the last five years have grown substantially from 2019, particularly in the retail and e-commerce sectors (557%).

Further, Synopsys found that 31% of codebases rely on open source with no discernible license or with customized licenses, a 55% increase from last year.

Finally, 91% of the audited codebases contained outdated versions of open source components.

“Organizations leveraging any type of third-party software should rightfully assume that it contains open source,” McGuire explained.

“Verifying this, and staying on top of the associated risk, is as simple as obtaining an SBOM [software Bill of Materials] – something easily provided by a vendor taking the necessary steps to secure their software supply chain.”

The 2023 OSSRA report compiles the results of over 1700 audits of commercial and proprietary codebases from merger and acquisition transactions and highlights trends across 17 industries.

It also contains various recommendations for companies to better face the security risks of open source development and use.

The new data comes weeks after Sonatype cybersecurity researchers uncovered more than 700 malicious open source packages on the npm and PyPI open source registries.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

RSAC: Experts Highlight Novel Cyber Threats and Tactics
Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
RSAC: Why Cybersecurity Professionals Have a Duty to Secure AI
10,000 Customers’ Data Exposed in UK Government Breaches

Leave a Reply

Your email address will not be published. Required fields are marked *