Adopting open-source software and technology has the potential to improve an organization's security posture if that technology is properly monitored and maintained. A new report from Synopsys indicates that many organizations are falling down on the job, resulting in serious security issues.
Outdated or abandoned open source components persist in practically all commercial software, putting enterprise and consumer applications at risk from security vulnerabilities, license compliance violations, and operational threats, according to the Synopsys 2020 Open Source Security and Risk Analysis Report released Tuesday.
Synopsys researchers analyzed more than 1,250 commercial code bases. The Synopsys Cybersecurity Research Center (CyRC) examined the code base audits performed by the Black Duck Audit Services team.
The report highlights trends and patterns in open source usage within commercial applications. It provides insights and recommendations to help organizations better manage their software risk.