Report: Commercial Software Riddled With Open Source Code Flaws

By Jack M. Germain

Apr 19, 2017 2:56 PM PT

Black Duck Software on Wednesday released its 2017 Open Source Security and Risk Analysis, detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges.

Black Duck conducted audits of more than 1,071 open source applications for the study last year. There are widespread weaknesses in addressing open source security vulnerability risks across key industries, the audits show.

Open source security vulnerabilities pose the highest risk to e-commerce and financial technologies, according to Black Duck’s report.

Open source use is ubiquitous worldwide. An estimated 80 percent to 90 percent of the code in today’s software applications is open source, noted Black Duck CEO Lou Shipley.

Open source lowers development costs, accelerates innovation, and speeds time to market. However, there is a troubling level of ineffectiveness in addressing risks related to open source security vulnerabilities, he said.

“From the security side, 96 percent of the applications are using open source,” noted Mike Pittenger, vice president for security strategy at Black Duck Software.

“The other big change we see is more open source is bundled into commercial software,” he told LinuxInsider.

The open source audit findings should be alarming to security executives. The application layer is a primary target for hackers. Thus, open source exploits are the biggest application security risk that most companies have, said Shipley.
