Thursday, April 20, 2023

Alarming New Report Finds 82% Of Open Source Software Risky Thanks To Major Vulnerabilities And Security Issues

A new report by top software supply chain security management firm Lineaje says 82% of all open-source software is inherently risky.

The report further delineates the cause to be a combination of major vulnerabilities, security concerns, issues with code quality, and problems with maintainability.

The authors of the research went on to detail more about how 70% of this kind of software across the enterprise was open source and such elements aren’t usually tracked too often or provided with updates or inventories. And that is what leaves some serious vulnerabilities across the software supply chain so it could be exploited by other threat actors.

This comes just a little short of a week since CISA called the software vendors to take necessary action to put out secure-by-design processes for development that ship codes and ensure secure and out-of-the-box features.

The company similarly found a huge risk to these big open-source solutions after taking into consideration around 44% of the most popular projects for this foundation. This is when they saw a 68% dependency through Non-Apache software and a lot of them had opaque origins and update schemes in place.

The authors feel such reports are a clear warning to companies about open-source software and how it comes with huge risks. This is despite them being super popular and providing established brands.

Similarly, since more software is now getting assembled instead of getting built, it is becoming more pivotal now than ever to create formal tools that discover the DNA of the software. Hence, developers don’t have x-ray visions to witness what is present inside the software component. Similarly, most open-source selectors aren’t even security experts. So you can only imagine the devastation that could arise.

Provided that 64% of such vulnerabilities don’t have a solution in place right now means they cannot be fixed. Therefore, companies need to be made aware of the problem and hence should take proactive measures about managing such risks.

On the other hand, this also provides recommendations for organizations deploying tools for the supply chain management. And in this way, you can assess various dynamic risks as well as the integrity of various projects at hand.

So as you can tell, the risk is mighty and it’s up to firms to take on the warnings before it’s too late.



Read next: ChatGPT Era: Report Reveals Surprising Shift in Business Operations with Latest AI Technology
by Dr. Hura Anwar via Digital Information World

No comments:

Post a Comment