[clug] Out-of-date, insecure open-source software is everywhere

steve jenkin sjenkin at canb.auug.org.au
Wed May 13 21:46:56 UTC 2020


Kim,

Thanks very much for the article.
Another milestone in the evolution of Open Source.

cheers
steve

The report:

2020 Open Source Security and Risk Analysis (OSSRA) Report
<https://www.synopsys.com/software-integrity/resources/analyst-reports/2020-open-source-security-risk-analysis.html?cmp=pr-sig>

A DEEP DIVE INTO THE STATE OF OPEN SOURCE SECURITY, LICENSE COMPLIANCE, AND CODE QUALITY RISK

Open source is a great foundation for modern software development. But when not managed properly, open source can expose you to numerous risks—including licensing, security, and code quality risk.

The 2020 Open Source Security and Risk Analysis (OSSRA) Report is the resource you need to learn why you need to identify and manage the open source in your code. Based on the anonymized data from more than 1,250 audited codebases, the report provides insights and eye-opening statistics about open source security, license compliance, and code quality risk in commercial software.


> On 13 May 2020, at 15:33, Kim Holburn via linux <linux at lists.samba.org> wrote:
> 
> https://www.zdnet.com/article/out-of-date-insecure-open-source-software-is-everywhere/
> 
>> Synopsys has found that 99% of commercial software programs include at least one open-source component. But 91% of those included out of date or abandoned open-source code.
>> 
>> By Steven J. Vaughan-Nichols for Linux and Open Source | May 12, 2020 -- 19:15 GMT (05:15 AEST) | Topic: Security
>> Open Source

--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin



