Gandalf_The_Grey
Thread author
Open-source software has been increasingly popular among developers and tech companies. However, the unrestricted deployment of open-source code is steadily becoming a security risk, claims a new report titled “The State of Open-Source Security”.
The research from developer security firm Snyk and the Linux Foundation claims more than a third of organizations don't have high confidence in their open-source software security. Speaking about the report, Matt Jarvis, director of developer relations at Snyk, said:
Software developers today have their own supply chains -- instead of assembling car parts, they are assembling code by patching together existing open-source components with their unique code. While this leads to increased productivity and innovation, it has also created significant security concerns.
This first-of-its-kind report found widespread evidence suggesting industry naivete about the state of open-source security today. Together with The Linux Foundation, we plan to leverage these findings to further educate and equip the world’s developers, empowering them to continue to build fast, while also staying secure.
The research claims an average application development project has 49 vulnerabilities and 80 direct dependencies. Moreover, the time it takes to fix vulnerabilities in open-source projects has steadily increased. Back in 2018, it took on average 49 days to fix a security vulnerability. In 2021, it took about 110 days to develop a patch.