
Business concerns about security in open source software are on the rise

Is business confidence in open source software starting to cool off? According to a recent study published by VMware, everything seems to indicate that it is. And behind the situation lies an issue that, however recurrent, remains vital for organizations: security.

In fact, we reported on it a few weeks ago. In that case, Microsoft was forced to issue a major security alert after verifying that many organizations in sectors such as defense, communications, aerospace and IT services had had their security compromised by means of open source software components, at the hands of a group Microsoft has named ZINC (previously known as Lazarus).

According to the VMware study, the number of companies willing to deploy open source software in production environments has fallen from the 95% who trusted it just a year ago to the current 90%. In addition, this percentage is expected to continue to decrease throughout 2022.

Uncertainty and fear regarding the security risks of open source components are increasing in companies. In fact, the two biggest concerns are the ability to identify vulnerabilities in open source software, and how to deal with them when they occur.

Dependence on how bugs and vulnerabilities get addressed ranks at the top of the concerns of the companies surveyed (61%), followed by increased security risks (53%) and the lack of service level agreements (SLAs) for community patches (50%).

What do companies require regarding security?

With these corporate fears about open source software on the table, what do companies need and/or demand in order to reverse the situation? One item stands out above the others: packaging security enhancements, something essential to securing the supply chain.

At present, one of the most repeated complaints is that there are too many tools, manual tasks and teams involved in packaging at companies, which makes the process slow, inefficient and even risky, says the report.

When asked which software packaging capabilities would improve security, nearly two-thirds (60%) opted for immediate access to reliable security patches for applications or runtimes, dependencies and operating system components. In addition, 55% prefer centralized visibility of all scans, since this would simplify security audits, and half (51%) would like to automate CVE and virus scans for each container.

There is no doubt that open source software remains an indispensable part of many projects. However, security is an increasingly recurring demand and claim from companies.

In fact, in June the cybersecurity firm Snyk, in conjunction with the Linux Foundation, published a report stating that open source software poses a "significant security risk," in which 2 out of 5 companies even claimed not to trust the security of their open source code. This report left an important piece of information: the average number of vulnerabilities in application development is around 49, along with 80 direct dependencies. Likewise, it now takes 110 days to remediate a vulnerability in an open source project, compared to 49 days four years ago, which shows that increasing security is essential.
