‘One-in-four’ organisations don’t have faith in open source security

One-in-four organisations don’t have faith in open source security, according to a report commissioned by cybersecurity firm Snyk and The Linux Foundation.

The findings were based on a survey of more than 550 respondents, as well as data pulled from “1.3 billion” open source projects from Snyk’s Open Source platform.

The report found the average application development project has 49 vulnerabilities and 80 direct dependencies.

In addition, the time it takes to fix vulnerabilities within open source projects increased from 49 days in 2018 to 110 days in 2021, according to the report.

Despite firms recognising the potential dangers of open source security, the research found that fewer than half - 49 per cent - have a security policy in place for OSS development or usage.

Large firms are even more negligent, according to the report, with the number of firms with a specific open source security policy in place dropping to 27 per cent among medium and large-sized companies.

Furthermore, fewer than a third - 30 per cent - of organisations without an open source security policy are aware that, at the moment, no one is addressing the security of open source software.

“Software developers today have their own supply chains – instead of assembling car parts, they are assembling code by patching together existing open-source components with their unique code,” said Matt Jarvis, director, developer relations at Snyk. “While this leads to increased productivity and innovation, it has also created significant security concerns.”
