Report: Half Global 500 Vulnerable to Open Source Security Loopholes

Published: March 30, 2012 10:00
Aspect Security and Sonatype have recently collaborated on the industry's first study of potential vulnerabilities in open-source software components. These flexible components are used by members of the Global 2,000 and other leading organizations thousands of times each day in their operations, and the implications of security weaknesses in them could be significant.

The Central Repository, which serves as a library for open-source software components, receives four billion requests per year, contains 300,000 components, and is used by more than 60,000 development organizations worldwide. However, these flexible, interoperable components can be modified at any time by the end user, and their security is not verified in the same manner as enterprise-grade, commercial offerings. According to the report, the Global 500 is greatly at risk from these open-source components, as more than 2.8 million insecure components were downloaded in the past year alone.

The report finds that financial firms are most at risk. According to the study, the Global 100 financial services firms downloaded more than 567,000 insecure components last year, potentially endangering critical infrastructure. The report also found that 46 million downloads of insecure versions of the 31 most popular open-source security libraries were obtained in the previous 12 months.

"The data clearly show that organizations consume huge numbers of vulnerable libraries. This is a wake-up call for software development organizations," said Jeff Williams, CEO of Aspect Security.

News source: Proformative