Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Nine in ten biz applications harbor out-of-date, unsupported, insecure open-source code, study shows

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 13 May 2020 10:03:57 +0000 (UTC)
https://www.theregister.co.uk/2020/05/12/open_source_bugs/

By Thomas Claburn
The Register
12 May 2020

Ninety-one per cent of commercial applications include outdated or abandoned
open source components, underscoring the potential vulnerability of
organizations using untended code, according to a software review.

Synopsys, a California-based design automation biz, conducted an audit of 1,253
commercial codebases in 17 industries for its 2020 Open Source Security and Risk
Analysis report.

It found that almost all (99 per cent) of the codebases examined have at least
one open source component and that 70 per cent of the code overall is open
source. That's about twice as much as the company's 2015 report, which found
only 36 per cent of audited code was open source.

Good news then, open source code has become more important to organizations, but
its risks have followed, exemplified by vulnerabilities like the 2014 Heartbleed
memory disclosure bug and Apache Struts flaws identified in 2017 and 2018.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: