Flaws in Open Source Components Pose Increasing Risk to Apps: Study
Open source components have been increasingly used by developers, but failure to patch vulnerabilities in this type of software can pose serious risks.

The 2018 Open Source Security and Risk Analysis (OSSRA) report published on Tuesday by Synopsys shows that of the more than 1,100 commercial codebases analyzed by the company last year, 96% contained open source components, the same percentage as the previous year. However, many applications now contain more open source than proprietary code, with the percentage of open source components in the codebases of scanned apps increasing from 36% in 2016 to 57% in 2017.

The largest percentage of high-risk open source flaws was identified in the applications of Internet and software infrastructure (67%), Internet and mobile apps (60%), virtual reality, gaming and media (50%), and cybersecurity companies (41%).

“Open source components are governed by one of about 2,500 known open source licenses, many with obligations and varying levels of restriction.”

“These license requirements can be managed and complied with only if the open source components governed by those licenses are identified.”