Expert On Open Source Software Security Vulnerabilities Existing For Over Four Years Before Detection

It has been reported that vulnerabilities in open source software go unnoticed for an average of over four years before they are spotted, a gap the security community still needs to address. According to GitHub’s annual State of the Octoverse report, published today, reliance on open source projects, components, and libraries is more common than ever.

1 Expert Comment
Phil Odence , General Manager of Black Duck On-Demand
InfoSec Expert
December 3, 2020 4:03 pm

The big picture takeaways here are that there is a significant amount of open source in virtually every modern application in use today and that keeping those apps secure requires that companies track and manage the open source in their code. This is consistent with Synopsys’ research.

The report focuses on security and so doesn’t delve into legal risks associated with licensing; however, despite being “free,” open-source software is no different from other software in that its use is governed by a license. Based on research conducted for the 2020 OSSRA report, 68% of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license. This is another way in which open source can get organizations into hot water, and thus should be managed and not overlooked.

Information Security Buzz