Dive Brief:
- A security firm released a new report on Wednesday that found open-source components in commercial applications can expose businesses to "dozens" of old bugs, according to a ZDNet report.
- Black Duck Software’s report found that 67% of the 200 commercial applications it reviewed over a six-month period contained vulnerable open-source components.
- Each application had an average of five vulnerable components, according to the report.
Dive Insight:
Black Duck Software also found that the average commercial application has more than 100 open-source components, though customers are usually aware of only about half of them. That lack of visibility is a concern.
"This indicates that the organizations didn't know about the vulnerabilities, either because they didn't know the component was present, or had not checked public resources for vulnerability information," the report said.
The average bug identified in the study was more than five years old.
The open-source bugs are worrisome because the role of open source has been steadily growing over the last several years. Open source is gaining momentum because it allows amateurs and professionals alike to make better software faster than ever before. And because it offers advantages in terms of cost, control and innovation, experts predict open source tools will soon be a much higher percentage of every IT organization’s environment.