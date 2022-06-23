

Open source security is rapidly becoming a major concern

By Sead Fadilpašić
TechRadar

(Image credit: Shutterstock)

The widespread use of open source software (OSS) within modern application development poses a “significant security risk”, new research suggests.

According to a new report from cybersecurity company Snyk, together with the Linux Foundation, today’s organizations are underprepared to tackle these risks.

Based on a survey of more than 550 respondents, as well as data pulled from 1.3 billion open source projects via Snyk Open Source, the report states that two in five (41%) firms are not confident in the security of their open source code.


Vulnerabilities in open source code

The average application development project, the report found, has 49 vulnerabilities and 80 direct dependencies. It now typically takes 110 days to remedy a vulnerability in an open source project, up from 49 days four years ago.

“Software developers today have their own supply chains – instead of assembling car parts, they are assembling code by patching together existing open source components with their unique code. While this leads to increased productivity and innovation, it has also created significant security concerns,” said Matt Jarvis, Director, Developer Relations, Snyk.

Jarvis added that there’s a certain “naivete” to the industry’s approach to open-source software, which could open the door to all manner of malware, ransomware and other attacks.

For example, less than half (49%) of organizations have a security policy for OSS development or usage, a figure that drops to 27% among medium and large-size companies. Furthermore, among organizations without an open source security policy, less than a third (30%) are aware that, at the moment, no one is addressing the security of their open source software.

Some respondents are, however, aware of the security challenges that open source software poses in the supply chain. A quarter said they were concerned about the security impact of their dependencies on OSS, and only 18% said they were confident in the controls they have set up for their transitive dependencies, the tier in which 40% of all vulnerabilities were found.
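The distinction between direct and transitive dependencies is the crux of that last finding: a team only sees the 80 packages it asked for, while most of the attack surface sits several levels below. The following Python script, added here as an illustration and not part of the Snyk report or the article, walks a constructed dependency graph, splits it into direct and transitive tiers, attributes a constructed list of advisories to each tier, and shows which direct dependency pulls a vulnerable transitive one in. Package names and advisory identifiers are invented placeholders; the graph shape is the only thing that matters.

```python
"""Split a dependency graph into direct and transitive tiers and attribute
known advisories to each tier.

Added example: the graph and the advisory list below are constructed for
illustration; no real package or advisory is referenced.
"""
from collections import deque

# Constructed sample graph: package -> packages it requires.
# "app" is the project itself; everything else is a dependency.
SAMPLE_GRAPH = {
    "app": ["web-framework", "http-client", "yaml-parser"],
    "web-framework": ["template-engine", "http-client"],
    "http-client": ["url-lib", "tls-shim"],
    "yaml-parser": [],
    "template-engine": ["markup-safe"],
    "url-lib": [],
    "tls-shim": ["cert-store"],
    "markup-safe": [],
    "cert-store": [],
}

# Constructed advisory feed: package -> placeholder advisory id.
SAMPLE_ADVISORIES = {
    "tls-shim": "ADVISORY-PLACEHOLDER-1",
    "yaml-parser": "ADVISORY-PLACEHOLDER-2",
    "markup-safe": "ADVISORY-PLACEHOLDER-3",
}


def resolve_dependencies(graph, root):
    """Return (direct, transitive) for `root`.

    direct: packages `root` declares itself.
    transitive: everything reachable below them that is not itself direct.
    A package that is both declared and pulled in deeper counts as direct,
    since the project controls its version. BFS with a seen-set is cycle-safe.
    """
    direct = set(graph.get(root, []))
    seen = set(direct) | {root}
    transitive = set()
    queue = deque(direct)
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in seen:
                seen.add(dep)
                transitive.add(dep)
                queue.append(dep)
    return direct, transitive


def attribute_vulnerabilities(graph, advisories, root):
    """Map each advisory-affected package to the tier it lives in."""
    direct, transitive = resolve_dependencies(graph, root)
    return {
        "direct": sorted(p for p in direct if p in advisories),
        "transitive": sorted(p for p in transitive if p in advisories),
    }


def transitive_share(graph, advisories, root):
    """Fraction of affected packages that are transitive (0.0 if none affected)."""
    hits = attribute_vulnerabilities(graph, advisories, root)
    total = len(hits["direct"]) + len(hits["transitive"])
    return len(hits["transitive"]) / total if total else 0.0


def dependency_paths(graph, root, target):
    """All acyclic paths from `root` to `target`.

    The second element of each path is the direct dependency that pulls the
    target in: the place where an upgrade or version override has to happen.
    """
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for dep in graph.get(node, []):
            if dep not in path:  # skip cycles
                walk(dep, path + [dep])

    walk(root, [root])
    return paths


if __name__ == "__main__":
    hits = attribute_vulnerabilities(SAMPLE_GRAPH, SAMPLE_ADVISORIES, "app")
    print("direct hits:    ", hits["direct"])
    print("transitive hits:", hits["transitive"])
    print(f"transitive share: {transitive_share(SAMPLE_GRAPH, SAMPLE_ADVISORIES, 'app'):.0%}")
    for pkg in hits["transitive"]:
        for path in dependency_paths(SAMPLE_GRAPH, "app", pkg):
            print(f"  {SAMPLE_ADVISORIES[pkg]}: {' -> '.join(path)}")
```

In the constructed graph two of the three affected packages are transitive, and one of them (`tls-shim`) is reachable through two different direct dependencies, which is exactly why a control that only reviews declared dependencies gives an incomplete picture. A real lockfile (npm, pip, Go, Cargo) already encodes this graph; the same walk applies once it has been parsed.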

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
