The insecurity of the component lifecycle
Published: May 02, 2013 08:00
Open source component use continues to skyrocket with applications now more than 80 percent component-based, while at the same time organizations continue to struggle with establishing policy to secure and govern component use. According to the Sonatype survey, 76 percent of organizations have no component management policies in-place.
The survey saw record participation from more than 3,500 developers, architects and managers across all industries, company sizes and geographic regions -- making it the largest, most comprehensive survey of its kind.
Findings show that organizations of all sizes have embraced open source components as the building blocks of modern software. But, the lack of internal controls and a failure to address security vulnerabilities throughout the software development lifecycle threatens the integrity of the software supply chain and exposes organizations to massive, unmanaged risk.
Continue reading on Help Net Security
Help Net Security