
Open Source: Outdated Components Threaten Security

By Dick Weisinger

Open Source software has become ubiquitous. A study by Synopsys found that 99 percent of the 1250 commercial products investigated contained at least one open source component. In fact, the average application has 445 open-source components.

But the Synopsys report also found that 91 percent of those open source components were out of date by more than four years, and many of the open source projects had been abandoned, with no activity for more than two years. That could lead to security and stability problems.

Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center, said that “it’s difficult to dismiss the vital role that open source plays in modern software development and deployment, but it’s easy to overlook how it impacts your application risk posture from a security and license compliance perspective.”

Mackey said that “the problem is that there is often a disconnect. The developers are making decisions of what to bring in, and somewhere, someone may have wrote down a policy for what open-source components can be used, but it is so cumbersome and it is a speed bump to innovation – that people are working around it.”

Frank Nagle, professor at Harvard Business School, said that “understanding which components are most widely used and most vulnerable will allow us to help ensure the continued health of the ecosystem and the digital economy.”
