The Linux Foundation questioned the security of open source software

The Linux Foundation and Snyk warn that uncontrolled use of open source software has become a security risk

Open source software is very popular among developers and technology companies, but unrestricted use of solutions built on it is becoming a major security risk for users. That is the conclusion of The State of Open Source Security, a report co-authored by Snyk and the Linux Foundation.

    Image source: Tezos/

According to Snyk and the Linux Foundation, more than a third of companies are not confident in the security of the open source software they rely on.

According to Snyk spokesman Matt Jarvis, software developers now have supply chains of their own: instead of assembling car parts, they assemble code, combining existing components with code they write themselves. While this boosts productivity and innovation, it also introduces significant security risks.

In his view, the report, the first of its kind, found evidence that technology companies hold naïve ideas about the state of the open source ecosystem. Together with the Linux Foundation, the company plans to use these findings to educate and "equip" the world's developers so they can keep building software rapidly while maintaining the required level of security.

The study shows that the average application development project has 49 vulnerabilities and 80 so-called "direct dependencies", that is, components the project itself declares, as distinct from the transitive dependencies those components pull in. In addition, the time needed to fix identified issues in open source projects keeps growing: in 2018 it took an average of 49 days to eliminate a vulnerability, but by 2021 that figure had risen to around 110 days.

The study is based on a survey of more than 550 respondents conducted in the first quarter of 2022 and on data from Snyk's database, which holds information on 1.3 billion open source projects.

The report states that only 49% of companies have a specific security policy for developing or using open source software, and the figure drops to just 27% among medium and large companies. About 30% of companies even admitted that no one, directly or indirectly, is responsible for the security of their open source software; those same companies also had no security policy covering the issue.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.