Open-source security really shouldn’t be this leaky
Ethical software comes at a price, report claims
As businesses become increasingly reliant on free and open source (FOSS) software, they are taking unnecessary risks with their security posture.
A report from software supply chain security firm Sonatype paints a dire picture of the types of open-source software that businesses are relying on, perhaps as a means to cut software costs.
Its State of the Software Supply Chain Report found that developers download 1.2 billion vulnerable dependencies every month, and that for 96% of those downloads a non-vulnerable alternative was available.
A surge in OSS supply chain attacks
Attacking open-source repositories that are later downloaded and integrated into corporate software is a clear example of a supply chain cyberattack.
With some 1,500 dependency changes per application every year, maintaining open-source ecosystems puts a great deal of pressure on developers, and mistakes are always going to be made.
Perhaps as a result, Sonatype is reporting that this type of cyberactivity has seen a massive surge, increasing by 633% year-on-year.
However, it believes there is a solution: primarily, minimizing dependencies and speeding up software updates on endpoints. It also recommends raising awareness of vulnerable FOSS dependencies among engineering professionals.
Sonatype found that over two-thirds (68%) of respondents were confident their apps were not using vulnerable libraries, despite the fact that the same percentage of enterprise apps, 68%, were found to contain known vulnerabilities in their open-source software components.
What’s more, IT managers were over twice as likely as their IT security peers to believe that their firms address software issues regularly during the development stage.
For Sonatype, businesses need to simplify and optimize the software development process with smarter tools, more visibility and better automation.
Supply chain attacks have been among the most devastating cyber-incidents of recent years, including incidents based on the log4j vulnerability and the SolarWinds compromise. Even today, cybercriminals are compromising organizations of all shapes and sizes using the log4j flaw.
Via: VentureBeat
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.