Report Shines Spotlight On Open Source Software Security Challenges
DevOps.com, Tuesday, December 10th, 2024
An analysis of more than five million open-source software packages, published by Lineaje, a provider of a platform for tracking open-source software components, finds that 95% of security issues involve some type of open-source package dependency, and that more than half (51%) of the vulnerabilities discovered have no known fix available.
Overall, the report concludes that 90% of modern applications use open-source components, with a typical application consisting of about 70% open-source code; the remainder is first-party proprietary code or third-party code.
The report also notes that 5% to 8% of the open-source components in any given application came from an unknown source, had been tampered with, or were of dubious origin. More troubling still, 70% of open-source software components are either no longer maintained or poorly maintained, according to the report.