The Wide-ranging Impact of Open Source Vulnerabilities
Vulnerable open-source components were found in applications across all industries, with the highest proportion in the Internet and software infrastructure sector, where 67% of audited applications contained high-risk open-source vulnerabilities.
Ironically, 41% of the applications audited at cybersecurity companies contained high-risk open-source vulnerabilities as well.
Organizations are allowing a growing number of known vulnerabilities to accumulate in their code bases. On average, the vulnerabilities identified by the audits had been publicly known for almost six years.
“When criminals breached Equifax’s network using a vulnerability in Apache Struts, the need for open source security controls became clear,” said Evan Kline, Black Duck’s product marketing manager responsible for preparing the OSSRA. “However, even though the Struts vulnerability was disclosed in March 2017, many organizations apparently still had not tested their applications for it.”
Abundance of license violations
74% of audited code bases contained components that violated licenses, most often the General Public License (GPL).
The share of applications with licensing conflicts ranges from a relatively low 61% among retail and e-commerce companies to 100% among telecommunications and wireless carriers.
As the code base changes, an organization's application security must evolve to remain effective, the report says.
The report argues that no single technique can detect all vulnerabilities, so in addition to static and dynamic code analysis, organizations should include software composition analysis (SCA) in their arsenal.
"With the addition of SCA, organizations can more effectively detect vulnerabilities in open source components, regardless of the license their use of open source requires," the report says.
By integrating policies, processes, and automated solutions into the software development lifecycle to identify, manage, and secure open source, organizations can maximize the benefits of open source while effectively managing the risks associated with its vulnerabilities and licensing.
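The report's two findings, old known vulnerabilities left in place and license terms that conflict with policy, are exactly what a software composition analysis pass over a dependency inventory is meant to surface. The following is an added example written for this page; it is not Black Duck's tooling and nothing in it comes from the OSSRA report. The CycloneDX-style SBOM fragment, the advisory feed (hypothetical EXAMPLE-* identifiers, illustrative version ranges and publication dates), the denied-license policy and the audit date are all constructed for illustration.

```python
"""Minimal SCA check: match shipped components against advisories and a license policy.

Added example. Component list, advisory feed, policy and audit date are constructed
sample data, not real inventory or a real vulnerability database.
"""
import json
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed CycloneDX-style SBOM fragment (only the fields this check needs).
SBOM_JSON = """
{
  "components": [
    {"group": "org.apache.struts", "name": "struts2-core", "version": "2.3.20",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"group": "com.example", "name": "fastcsv", "version": "1.4.2",
     "licenses": [{"license": {"id": "GPL-2.0-only"}}]},
    {"group": "com.example", "name": "tinylog", "version": "0.9.0",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"group": "com.example", "name": "imgtool", "version": "3.1.0",
     "licenses": [{"license": {"id": "BSD-3-Clause"}}]}
  ]
}
"""

# Constructed advisory feed: hypothetical identifiers, illustrative ranges.
# Affected if introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-2017-001", "group": "org.apache.struts", "name": "struts2-core",
     "introduced": "2.3.5", "fixed": "2.3.32", "severity": "critical", "published": "2017-03-07"},
    {"id": "EXAMPLE-2012-002", "group": "com.example", "name": "imgtool",
     "introduced": "3.0.0", "fixed": "3.2.0", "severity": "high", "published": "2012-06-01"},
    {"id": "EXAMPLE-2016-003", "group": "com.example", "name": "tinylog",
     "introduced": "0.1.0", "fixed": "0.9.0", "severity": "medium", "published": "2016-01-15"},
]

# Constructed policy: licenses the organization has decided not to ship in this product.
DENIED_LICENSES = {"GPL-2.0-only", "GPL-3.0-only"}

# Fixed audit date so the "known for N years" figure is reproducible.
AUDIT_DATE = date(2018, 5, 1)


@dataclass(frozen=True)
class Component:
    group: str
    artifact: str
    version: str
    licenses: tuple


@dataclass(frozen=True)
class Finding:
    component: Component
    kind: str            # "vulnerability" or "license"
    detail: str
    age_days: Optional[int]  # days since the advisory was published; None for license findings


def parse_version(v: str) -> tuple:
    """Turn '2.3.31' into (2, 3, 31); non-numeric qualifiers compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v))


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Half-open range check: introduced <= version < fixed (no fixed means still open)."""
    v = parse_version(version)
    return parse_version(introduced) <= v and (fixed is None or v < parse_version(fixed))


def load_components(sbom_json: str) -> list:
    comps = []
    for c in json.loads(sbom_json)["components"]:
        ids = tuple(l["license"].get("id", "UNKNOWN") for l in c.get("licenses", [])) or ("UNKNOWN",)
        comps.append(Component(c["group"], c["name"], c["version"], ids))
    return comps


def audit(components: list, advisories: list, denied: set, audit_date: date) -> list:
    """Return vulnerability and license findings in SBOM order."""
    findings = []
    for c in components:
        for a in advisories:
            if (a["group"], a["name"]) == (c.group, c.artifact) and is_affected(c.version, a["introduced"], a["fixed"]):
                age = (audit_date - date.fromisoformat(a["published"])).days
                findings.append(Finding(c, "vulnerability", f"{a['id']} ({a['severity']}), fixed in {a['fixed']}", age))
        for lic in c.licenses:
            if lic in denied:
                findings.append(Finding(c, "license", f"{lic} is not permitted by policy", None))
    return findings


def mean_known_years(findings: list) -> float:
    """Average age of the matched advisories in years (the report's 'known for N years' metric)."""
    ages = [f.age_days for f in findings if f.kind == "vulnerability"]
    return round(sum(ages) / len(ages) / 365.25, 1) if ages else 0.0


if __name__ == "__main__":
    results = audit(load_components(SBOM_JSON), ADVISORIES, DENIED_LICENSES, AUDIT_DATE)
    for f in results:
        print(f"{f.kind:13} {f.component.group}:{f.component.artifact}:{f.component.version}  {f.detail}")
    print(f"average age of matched advisories: {mean_known_years(results)} years")
```

The version range is half-open on purpose: a component at exactly the fixed version is clean, which the `tinylog` 0.9.0 entry exercises. In a real pipeline the SBOM would be generated from the build (not hand-written) and the advisory feed and license policy would come from the organization's SCA tool, but the matching logic is the same.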