Expert On Open Source Software Security Vulnerabilities Exist For Over Four Years Before Detection

By ISBuzz Team, Writer, Information Security Buzz | Dec 03, 2020 07:55 am PST

It has been reported that vulnerabilities in open source software take an average of over four years to be spotted, a gap the security community needs to address. According to GitHub’s annual State of the Octoverse report, published today, reliance on open source projects, components, and libraries is more common than ever.

Expert Comment

Phil Odence, General Manager of Black Duck On-Demand
December 3, 2020 4:03 pm

The big picture takeaways here are that there is a significant amount of open source in virtually every modern application in use today and that keeping those apps secure requires that companies track and manage the open source in their code. This is consistent with Synopsys’ research.

The report focuses on security and so doesn’t delve into legal risks associated with licensing; however, despite being “free,” open-source software is no different from other software in that its use is governed by a license. Based on research conducted for the 2020 OSSRA report, 68% of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license. This is another way in which open source can get organizations into hot water, and thus should be managed and not overlooked.
