Dive Brief:
- About 70% of cybersecurity software relies on open source rather than proprietary code, according to Synopsys' findings from more than 1,200 commercial codebases across industries audited in 2018.
- The research found 99% of the scanned codebases had more than 1,000 files containing open source components. There were nearly 300 open source components per codebase in 2018, an uptick from 257 components in 2017.
- While the open source community does "an exemplary job" deploying patches, many companies neither apply nor track them. But the report also cites some good news: 60% of audited applications had vulnerabilities in 2018, compared to 78% in 2017.
Dive Insight:
Bad actors depend on the popularity of open source, making it a prime target for exploiting known vulnerabilities. Attackers look for organizations neglecting timely fixes.
Equifax's historic data breach was the result of an unpatched vulnerability in a web application. The patch had been available for two months before the security hole was exploited. The WannaCry attack in May 2017 spread through a weakness in Windows 7 that users had been informed of before the attack.
Unlike subscription-based software, proprietary and open source code demand attention because fixes are not automatically deployed. Companies need an accurate inventory of the components and versions in their open source software to apply patches correctly. Still, security is improving in open source use.
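The inventory point above is the one a defender can act on directly: a list of components without reliable version numbers cannot be matched against fixes. The following is an added illustration, not code or data from the Synopsys report or the article. It matches a constructed component inventory (placeholder names, versions and paths) against a constructed list of fix versions, flags copies that sit below the fixed version, and separately flags entries whose version is unknown, since those cannot be assessed at all.

```python
"""Match a component inventory against known fixes to find what still needs patching.

Constructed example: component names, versions, paths and advisory entries are
placeholders, not data from any real report or codebase.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Component:
    name: str
    version: Optional[str]  # None when the audit could not determine the version
    path: str               # where in the codebase this copy was found


@dataclass(frozen=True)
class Advisory:
    component: str
    fixed_in: str           # first version that carries the fix
    note: str


def parse_version(text):
    """Turn '2.3.31' into (2, 3, 31) so versions compare numerically, not as strings.

    Pre-release suffixes such as '-beta' are ignored; good enough for a demo.
    """
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1; pads with zeros so '2.3' equals '2.3.0'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def assess(inventory, advisories):
    """Sort inventory entries into 'needs_patch', 'unknown_version' and 'ok'."""
    by_name = {}
    for adv in advisories:
        by_name.setdefault(adv.component, []).append(adv)

    report = {"needs_patch": [], "unknown_version": [], "ok": []}
    for comp in inventory:
        if comp.version is None:
            # No version means no way to tell whether a fix applies: this is the
            # inventory gap the text describes, so it is reported on its own.
            report["unknown_version"].append(comp)
            continue
        outstanding = [
            adv for adv in by_name.get(comp.name, [])
            if compare_versions(comp.version, adv.fixed_in) < 0
        ]
        if outstanding:
            report["needs_patch"].append((comp, outstanding))
        else:
            report["ok"].append(comp)
    return report


# Constructed inventory: note the second, older copy of libexample, which a
# name-only inventory would miss, and the component with no version recorded.
INVENTORY = [
    Component("libexample", "1.4.2", "vendor/libexample"),
    Component("libexample", "1.2.0", "legacy/tools/libexample"),
    Component("demo-parser", None, "third_party/demo-parser"),
    Component("util-strings", "3.0.1", "vendor/util-strings"),
]

# Constructed advisories (placeholder fix versions and notes).
ADVISORIES = [
    Advisory("libexample", "1.4.0", "placeholder: fix for a deserialization bug"),
    Advisory("demo-parser", "0.9.5", "placeholder: fix for a missing bounds check"),
]


def run_example():
    return assess(INVENTORY, ADVISORIES)


if __name__ == "__main__":
    result = run_example()
    for comp, advs in result["needs_patch"]:
        for adv in advs:
            print(f"PATCH   {comp.name} {comp.version} at {comp.path}: fixed in {adv.fixed_in} ({adv.note})")
    for comp in result["unknown_version"]:
        print(f"UNKNOWN {comp.name} at {comp.path}: version not recorded, cannot assess")
    for comp in result["ok"]:
        print(f"OK      {comp.name} {comp.version} at {comp.path}")
```

Running it reports the older `libexample` copy as needing a patch, leaves the current copy and `util-strings` as OK, and lists `demo-parser` as unassessable; the last category is the one that tends to hide in real inventories and is why the version, not just the component name, has to be tracked.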
There's a heightened awareness that companies rely on software in every department. In an effort to make tasks and processes easier, non-technical employees often deploy unsanctioned and unaccounted-for software applications. While their DIY approach is understandable, it comes with consequences.
The added layer of the cloud makes this deployment easier for companies, but now thousands of pieces of software can run on the cloud or on-premise systems. The software is usually a combination of off-the-shelf packages, open source software and custom-built codebases, according to the report.