Three-fourths of organizations lack app component policy
Published: May 01, 2013 08:00
When it comes to developing applications, open-source component use continues to skyrocket. And like operating systems or databases, open-source components represent a rich attack vector for hackers to exploit given their commonality across organizations and applications.
Nearly 80% of the apps that developers are creating are relying on open-source components, in fact. Unfortunately, organizations continue to struggle with establishing policy to secure and govern component use. According to the survey, 76% of organizations have no component management policies in place at all – representing a potentially huge security hole.
The lack of internal controls and a failure to address security vulnerabilities throughout the software development lifecycle threatens the integrity of the software supply chain and exposes organizations to massive, unmanaged risk, according to Sonatype’s third-annual Open Source Software Development survey.
It reveals that organizations are exposed to significant risks caused by their increasing reliance on open-source components. Sonatype said that component flaws are exceedingly common -- more than 70% of applications contain components with known security flaws classified as severe or critical. Everything from Big Data, to cloud and mobile applications, are exposed to unmanaged risk.
Continue reading on Infosecurity Magazine