The widespread use of open source software within modern application development leads to significant security risks, according to a new report.
The research from developer security firm Snyk and the Linux Foundation finds 41 percent of organizations don’t have high confidence in their open source software security.
The average application development project has 49 vulnerabilities and 80 direct dependencies (open source code called by a project). Plus, the time it takes to fix vulnerabilities in open source projects has steadily increased, more than doubling from 49 days in 2018 to 110 days in 2021.
“Software developers today have their own supply chains — instead of assembling car parts, they are assembling code by patching together existing open source components with their unique code. While this leads to increased productivity and innovation, it has also created significant security concerns,” says Matt Jarvis, director, developer relations at Snyk.
