Report: Overwhelming majority of codebases have open source vulnerabilities, half deemed high-risk
February 22, 2023 – Published on SC Magazine
Despite the industry’s increasing focus on software supply chain security, the overwhelming majority of organizations’ software codebases still contain high-risk open source vulnerabilities, according to a new report from Synopsys.
The company, which provides application security services, said in its annual Open Source Security and Risks Analysis (OSSRA) that among the 1,703 codebases across 17 industries examined in 2022, 84% of codebases contained at least one known open source vulnerability, and nearly half (48%) of those were considered high-risk.
The Log4j vulnerability was just one of many vulnerabilities highlighting how an increasing number of organizations have adopted free open source code without proper vulnerability management process, making them ripe for potential exploitation.
Kristen Bell, director of application security engineering at GuidePoint Security, said organizations should eliminate some of the “tail wagging the dog” by maturing their current vulnerability management process and standards to address the persistent threat of open source vulnerabilities.
Read More HERE.