The widespread use of open source software (OSS) in modern application development poses a “significant security risk,” new research suggests.
According to a new report from cybersecurity firm Snyk and the Linux Foundation, today's organizations are ill-prepared to address these risks.
Based on a survey of more than 550 respondents and data from 1.3 billion open source projects via Snyk Open Source, the report finds that two in five (41%) companies do not have confidence in the security of their open source code.
Vulnerabilities in open source code
The average application development project was found to have 49 vulnerabilities and 80 direct dependencies (the figure counts only the packages a project declares itself, not the transitive dependencies those packages pull in). It typically takes 110 days to fix a vulnerability in an open source project today, compared to 49 days four years ago.
“Software developers today have their own supply chains – instead of assembling car parts, they assemble code by using existing open…