More and more companies are now worried about open source security

They’re calling for improvements in packaging security


Businesses are slowly moving away from open source software, due to growing fears of security risks that come from open source elements, new research has shown.

Virtualization giant VMware recently released a report that states that the number of companies willing to deploy open source software in production environments fell from 95% last year, to 90% this year.

The two biggest concerns forcing companies to look elsewhere both centre on the ability to identify and address vulnerabilities found in open source software. In fact, dependency on the community to address flaws and vulnerabilities is at the top of the list (61%), followed by increased security risks (53%), and the lack of service-level agreements (SLA) for patches from the community (50%).

Too many tools, manual tasks, and people

To address the issue, businesses would love to see improvements in packaging security, as open source software packaging is essential in securing the supply chain, the report claims.

Apparently, there are too many tools, too many manual tasks, and too many teams working on packaging at most companies, which makes the process sluggish, inefficient and risky.

When asked which software packaging capabilities would improve security, almost two-thirds (60%) would appreciate immediate access to trusted security patches to applications or runtimes, dependencies, and operating system components, while half (55%) want centralized visibility to all scans, as it would simplify security audits. Half (51%) also want to automate CVE and virus scanning for every container.


While open source software remains an indispensable part of every project, this is not the first time questions of security have been raised. Last June, cybersecurity firm Snyk, together with the Linux Foundation, published a report claiming open-source software poses a “significant security risk”.

Based on a survey of more than 550 respondents, as well as data pulled from 1.3 billion open source projects via Snyk Open Source, the report states that two in five (41%) firms are not confident in the security of their open source code.

The average application development project, it was found, has 49 vulnerabilities, as well as 80 direct dependencies. Usually, it now takes 110 days to remedy a vulnerability in an open source project, up from 49 days four years ago.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.