As businesses become increasingly reliant on free and open source software (FOSS), they are taking unnecessary risks with their security posture.
A report from software supply chain security firm Sonatype paints a dire picture of the types of open-source software that businesses are relying on, perhaps as a means to cut software costs.
Its State of the Software Supply Chain Report found that developers download 1.2 billion vulnerable dependencies every month, and that for 96% of those downloads a non-vulnerable alternative was available.
[HEADING=1]A surge in OSS supply chain attacks[/HEADING]
Attacking open-source repositories whose packages are later downloaded and integrated into corporate software is a clear example of a supply chain cyberattack.
With some 1,500 dependency changes per application every year, keeping up with open-source ecosystems puts a great deal of pressure on developers, and mistakes are always going to be made.
Perhaps as a result, Sonatype reports that this type of cyber activity has seen a massive surge, increasing by 633% year-on-year.
However, it believes there’s a solution: primarily, minimizing dependencies and speeding up software updates on endpoints. It also recommends raising awareness of vulnerable FOSS dependencies among engineering professionals.
Sonatype found that over two-thirds (68%) of those surveyed were confident their apps weren’t using vulnerable libraries, despite the fact that the same percentage of enterprise apps - 68% - were found to contain known vulnerabilities in their open-source software components.
What’s more, IT managers were over twice as likely as their IT security peers to believe that their firms address software issues regularly during the development stage.
For Sonatype, businesses need to simplify and optimize the software development process with smarter tools, more visibility, and better automation.
Some of the most devastating cyber incidents of recent years have been supply chain attacks, including those based on the log4j vulnerability and the SolarWinds compromise. Even today, cybercriminals are compromising organizations of all shapes and sizes using the log4j flaw.
Via: VentureBeat