Open Source Code Is Dangerous and Risky Due to Widespread Use, Report Says


Open source software is increasingly popular among developers and technology companies. However, the unrestricted deployment of open source code is gradually becoming a security risk, claims a new report titled “The state of open source security”.

The research by the developer security company Snyk and the Linux Foundation claims that more than a third of organizations do not have high confidence in the security of their open source software. Speaking of the report, Matt Jarvis, Director of Developer Relations at Snyk, said:

Software developers today have their own supply chains – instead of assembling auto parts, they assemble code by combining existing open source components with their unique code. While this leads to increased productivity and innovation, it has also created significant security issues.

This report, the first of its kind, found ample evidence suggesting industry naivety about the current state of open source security. Together with the Linux Foundation, we plan to leverage these discoveries to further educate and equip developers around the world, enabling them to continue building quickly, while staying safe.

The research claims that an average application development project has 49 vulnerabilities and 80 direct dependencies. Additionally, the time required to patch vulnerabilities in open source projects has steadily increased. In 2018, it took an average of 49 days to fix a security breach; by 2021, it took about 110 days to develop a patch.

The report indicates that only 49% of organizations have a security policy for the development or use of open source software, and this figure is only 27% for medium and large companies. About 30% of organizations even admitted that no one on their team was directly responsible for, or even looked after, open source security. Moreover, these companies did not have a security policy dedicated to open source.

The report is based on a survey of over 550 respondents in the first quarter of 2022, as well as data from Snyk Open Source, which involves reviewing over 1.3 billion open source projects.
