
Open-source security really shouldn't be this leaky

As businesses become increasingly reliant on free and open source software (FOSS), they are taking unnecessary risks with their security posture.

That's according to the latest report from software supply chain security firm Sonatype, which paints a dire picture of the types of open-source software that businesses are relying on, perhaps as a means to cut software costs.

According to the company's State of the Software Supply Chain Report, now in its eighth year, developers download 1.2 billion vulnerable dependencies every month, and for 96% of those downloads a non-vulnerable alternative was available.

A surge in OSS supply chain attacks

Attacking open-source repositories that are later downloaded and integrated into corporate software is a clear example of a supply chain cyberattack. 

With some 1,500 dependency changes per application every year, keeping up with open-source ecosystems puts a great deal of pressure on developers, and mistakes are inevitable.

Perhaps as a result, Sonatype reports that this type of attack has surged, increasing by 633% year-on-year.

However, it believes there is a solution: primarily, minimizing dependencies and speeding up software updates on endpoints. It also recommends raising awareness of vulnerable FOSS dependencies among engineering professionals.
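As an added illustration, not code from the article or from Sonatype, the check below audits a pinned dependency manifest against a small advisory set and, for each vulnerable pin, names the nearest non-vulnerable version, which is the kind of "non-vulnerable alternative" the 96% figure refers to. Every package name, version and advisory in it is constructed for the example; the manifest format is the common `name==version` pin style, and unpinned entries are flagged separately because their version cannot be evaluated.

```python
"""Constructed example: audit pinned dependencies against an advisory set.

Advisory data and package names below are made up for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

Version = tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: Version          # first affected version (inclusive)
    fixed: Optional[Version]     # first non-affected version, None if no fix released


@dataclass(frozen=True)
class Finding:
    package: str
    version: Optional[Version]
    status: str                  # "clean", "vulnerable" or "unpinned"
    fixed: Optional[Version] = None  # nearest non-vulnerable version, if any


# Constructed manifest: four exact pins and one unpinned range.
SAMPLE_MANIFEST = """
# constructed sample manifest
libalpha==1.4.2
libbeta==2.0.0
libgamma==0.9.1
libdelta>=3.1
libeps==4.2.0
"""

# Constructed advisories (not real CVEs).
SAMPLE_ADVISORIES = [
    Advisory("libalpha", introduced=(1, 0, 0), fixed=(1, 5, 0)),
    Advisory("libbeta", introduced=(2, 0, 0), fixed=(2, 0, 3)),
    Advisory("libgamma", introduced=(0, 0, 0), fixed=None),   # no fix released yet
    Advisory("libeps", introduced=(4, 0, 0), fixed=(4, 1, 0)),  # 4.2.0 is past the fix
]


def parse_version(text: str) -> Version:
    """Turn '1.4.2' into (1, 4, 2) so versions compare as tuples."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_manifest(text: str) -> dict[str, Optional[Version]]:
    """Map package name to pinned version, or None when the entry is not an exact pin."""
    pins: dict[str, Optional[Version]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        match = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9.]+)$", line)
        if match:
            pins[match.group(1).lower()] = parse_version(match.group(2))
        else:
            name = re.split(r"[<>=!~\s]", line, maxsplit=1)[0]
            pins[name.lower()] = None
    return pins


def is_affected(advisory: Advisory, version: Version) -> bool:
    """A version is affected if introduced <= version < fixed (or no fix exists)."""
    if version < advisory.introduced:
        return False
    return advisory.fixed is None or version < advisory.fixed


def audit(manifest_text: str, advisories: list[Advisory]) -> list[Finding]:
    """Evaluate every manifest entry against all advisories for that package."""
    by_package: dict[str, list[Advisory]] = {}
    for adv in advisories:
        by_package.setdefault(adv.package.lower(), []).append(adv)

    findings = []
    for name, version in parse_manifest(manifest_text).items():
        if version is None:
            findings.append(Finding(name, None, "unpinned"))
            continue
        hits = [a for a in by_package.get(name, []) if is_affected(a, version)]
        if not hits:
            findings.append(Finding(name, version, "clean"))
            continue
        # The alternative must clear every matching advisory; if any has no fix, there is none.
        fixed = None if any(a.fixed is None for a in hits) else max(a.fixed for a in hits)
        findings.append(Finding(name, version, "vulnerable", fixed))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Counts in the spirit of the report: how many vulnerable pins had an alternative."""
    vulnerable = [f for f in findings if f.status == "vulnerable"]
    return {
        "total": len(findings),
        "vulnerable": len(vulnerable),
        "with_alternative": sum(1 for f in vulnerable if f.fixed is not None),
        "unpinned": sum(1 for f in findings if f.status == "unpinned"),
    }


if __name__ == "__main__":
    results = audit(SAMPLE_MANIFEST, SAMPLE_ADVISORIES)
    for f in results:
        print(f"{f.package:10} {f.status:10} pinned={f.version} fixed_in={f.fixed}")
    print(summarize(results))
```

The summary separates "vulnerable with a fix available" from "vulnerable with no fix", since the first group is the one the report says developers could have avoided by choosing a different version, while the second needs a different mitigation (replacing or removing the dependency).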

Sonatype found that over two-thirds (68%) of those surveyed were confident their apps were not using vulnerable libraries, despite the fact that the same percentage of enterprise apps (68%) were found to contain known vulnerabilities in their open-source software components.

What's more, IT managers were more than twice as likely as their IT security peers to believe that their firms address software issues regularly during the development stage.

For Sonatype, businesses need to simplify and optimize the software development process with smarter tools, more visibility, and better automation.

Supply chain attacks have been among the most devastating cyber-incidents of recent years, including those based on the Log4j vulnerability and the SolarWinds compromise. Even today, cybercriminals are compromising organizations of all shapes and sizes using the Log4j flaw.

Via VentureBeat.

Source: TechRadar
