Regarding Open Source Security Vulnerabilities: Focus On Changing Human Behaviors
Entrust, February 16th, 2023
Like all humans, coders aren't perfect. They're vulnerable, which means the software they create is vulnerable as well. This reality, combined with the persistence and evolving technical skills of threat actors, means that all software, whether it's proprietary or built using open source libraries, is susceptible to attack.
We are all familiar with the breaches associated with open source. Log4j, SolarWinds, Kaseya and other large-scale attacks were at least partially attributed to open source vulnerabilities and were well-covered by industry media and analysts. The ubiquity of open source code certainly contributes to attacks like these. But clearly, as we all know from our own operations, there is most often a great deal of tension between speed and security in the development process. There's so much pressure on getting software to market quickly (to drive revenue, meet customer expectations or maintain competitive advantage) that basic software hygiene doesn't receive the time and attention it deserves.