Expert On Open Source Software Security Vulnerabilities Exist For Over Four Years Before Detection

It has been reported that it can take an average of over four years for vulnerabilities in open source software to be spotted, an area in the security community that needs to be addressed. According to GitHub’s annual State of the Octoverse report, published today, reliance on open source projects, components, and libraries is more common than ever. 

Expert Comments

December 03, 2020
Phil Odence
General Manager of Black Duck On-Demand
Synopsys
The big picture takeaways here are that there is a significant amount of open source in virtually every modern application in use today and that keeping those apps secure requires that companies track and manage the open source in their code. This is consistent with Synopsys’ research. The report focuses on security and so doesn’t delve into legal risks associated with licensing; however, despite being “free,” open-source software is no different from other software in that its use is governed by a license. Based on research conducted for the 2020 OSSRA report, 68% of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license. This is another way in which open source can get organizations into hot water, and thus should be managed and not overlooked.