Software Integrity Blog


Open source security risk on the rise owing to unpatched software

A slight change of pace for this week’s issue of Software Integrity Insight, as we focus on the release of the 2018 Open Source Security and Risk Analysis, which analyzes the audit results of over 1,100 commercial codebases from over 500 organizations and examines the open source security and licensing news of 2017. We think you’ll find some of the results from the report surprising, such as the fact that 33% of the codebases that contained Apache Struts still had the vulnerability that resulted in the Equifax breach. Learn about the open source security risks uncovered, and more, in this week’s Insight.

Open source report exposes management gaps after turbulent 2017

via Synopsys Software Integrity: To better understand the state of open source use and open source management in organizations worldwide, Synopsys studies the findings from its Black Duck On-Demand open source audits. Building on the findings from last year’s report, Synopsys has now released the 2018 Open Source Security and Risk Analysis (OSSRA) to provide data-driven insights for our customers and for all consumers of and contributors to open source software.

I got 257 problems, and they’re all open source: Report shines light on Wild West of software

via The Register: The increasing use of open-source components in development may well require changes to procedures and practices. As with traditional closed source, vulnerabilities and security considerations are in need of planning and mitigation, and navigating the array of licence types can be bewildering.

Weekly Security Mashup

via Synopsys Software Integrity: (video) Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity, including a look into the 2018 OSSRA Report.

The percentage of open source code in proprietary apps is rising

via Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown.

Infographic: Highlights from the 2018 Open Source Security and Risk Analysis Report

via Synopsys Software Integrity: Check out our infographic highlighting the 2018 Black Duck by Synopsys Open Source Security and Risk Analysis report findings. See what we learned.

Open source code is ubiquitous and so are many vulnerabilities

via WeLiveSecurity: One-third of audited codebases that contain Apache Struts suffer from the same vulnerability that facilitated the Equifax hack a year ago.

Security vulnerabilities in open source and GDPR implications

via JAXenter: Open source components are present in an enormous percentage of applications across numerous firms. What does the security picture for open source look like on the eve of GDPR enforcement?

Report finds software vulnerabilities as open source adoption rises

via Software Testing News: The report found that more than 54% of vulnerabilities found in audited codebases are considered high-risk, with 17% of the codebases containing highly publicised vulnerabilities such as Heartbleed, Logjam, FREAK, DROWN, or POODLE.

Businesses ignore OS licensing at their peril

via ITWeb: “Identifying exactly what open source code is in your codebase is crucial for properly managing its use and reuse, as well as key to ensuring compliance with software licences, an essential step in reducing business risk,” the report stated. “Failure to comply with open source licences can put businesses at significant risk of litigation and compromise of intellectual property.”

Open-source vulnerabilities plague enterprise codebase systems

via ZDNet: Vulnerabilities including the bug reportedly responsible for Equifax’s data breach are still common elements of open-source systems used in the enterprise.

Open source is everywhere and so are vulnerabilities, says Black Duck report

via LinuxInsider: “Organizations still have a long way to go on the open source security side of things,” said Tim Mackey, open source technology evangelist at Black Duck by Synopsys.

Flaws in open source components pose increasing risk to apps: Study

via SecurityWeek: Open source components have been increasingly used by developers, but failure to patch vulnerabilities in this type of software can pose serious risks.
