Out-of-date, insecure open-source software is everywhere

CyberTech

Open source rules. Everyone from Apple to Microsoft to Zoom uses it. Don't believe me? Synopsys, a software and silicon design company, which also covers intellectual property, reported in its 2020 Open Source Security and Risk Analysis (OSSRA) report that nearly all (99%) of audited codebases contained at least one open-source component. That's good news. The bad news is 91% of the codebases containing components were either more than four years out of date or had seen no development activity in the last two years.

Not good. Underlining how disturbing this is, Synopsys Cybersecurity Research Center (CyRC) found that open source made up 70% of all. That's a lot of aged and abandoned open-source software. Old software, unlike fine wine, does not age well.

The report is based on the results of over 1,250 commercial codebase audits. Even more worrying is that 75% of audited codebases contain open-source components with known security vulnerabilities. That's up from 60% in 2019. Almost half (49%) of the codebases contained high-risk vulnerabilities. That's up from 40% last year.
 
