ShiftLeft has released some rare positive news on the AppSec front by reporting that based on millions of scans on its customers, they found a 97% reduction in open source software (OSS) vulnerabilities.
Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security.
With the ever-growing threat of cyberattacks, it's more important for businesses to invest in robust cybersecurity measures. However, many businesses lack the in-house expertise to manage their security operations needs effectively.
Let’s look at what data security looks like on Linux and the often-exaggerated claims that accompany it.
Linux is a coveted target. It is the host operating system for numerous application backends and servers and powers a wide variety of internet of things (IoT) devices. Still, not enough is done to protect the machines running it.
"It’s important for the industry to understand that open source development burnout is real and can have a significant impact upon those who depend on the projects they maintain. Incentivize and recognize efforts. Don’t just take, but give back to the community."
Computer security only happens when software is kept up to date. That should be a basic tenet for business users and IT departments. Apparently, it isn’t. At least for some Linux users who ignore installing patches, critical or otherwise. A recent survey sponsored by TuxCare, a vendor-neutral enterprise support system for commercial Linux, shows companies fail to protect themselves against cyberattacks even when patches exist.
