A new study by Sonatype reports that one in eight open source components used to create applications contain flaws. Michael Patterson, CEO at Plixer commented below.
Michael Patterson, CEO at Plixer:
“There is inherent risk associated with using open source code for the development of IoT devices. By definition, an open source platform is influenced and altered by anyone, be they white hat or black hat. Bad actors can use open source repositories to plant software with hidden backdoors allowing them to create botnets. The IoT industry should look to move to a Red Hat type model, where open source platforms go through a rigorous QA process on an ongoing basis. Even if this becomes the case, developers will still need to test all their code when creating applications. Open source is convenient to use, but it can hold a ticking time bomb. IoT devices should be deployed in a least privilege model where connections are blocked from anything except the few trusted IP addresses and applications required for normal operations. IoT devices need to have security built in, with automatic checks for software updates on a daily basis. For devices which are not able to retrieve updates, there must be a built-in end-of-life process. Unsecured devices that don’t have an end of life, but are put into a landfill, can still be located on the Internet and rounded up into botnets used for DDoS attacks and more.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.