Report: 96% of vulnerable open-source downloads are avoidable

Bunga Citra, November 26, 2022

As the industry's reliance on open-source software has increased, so has the number of known software supply chain attacks, with a 742% increase over the last three years, according to Sonatype's eighth annual State of the Software Supply Chain Report. The report finds that 1.2 billion vulnerable dependencies are downloaded each month, and that for 96% of them a non-vulnerable version was already available. Consumer behavior, not open-source maintainers, is therefore the cause most often cited in public discussions.

One reason behind this trend is the increase and evolution of software supply chain attacks. The report reveals a 633% year-over-year increase in malicious attacks aimed at open source in public repositories – and an average 742% yearly increase in software supply chain attacks since 2019. 

Image source: Sonatype.

While cybercriminals are nothing new, the frequency, severity and sophistication of these malicious attacks are becoming a major issue plaguing developers and organizations around the world. Developers are being asked to maintain a working knowledge of software quality, multiple open-source ecosystems, fluctuating regulations and almost 1,500 dependency changes per year, per application – all in the face of continually evolving attacks.

So what can be done? Minimizing the number of dependencies and keeping them promptly updated are the critical factors for reducing the risk of transitive vulnerabilities – vulnerabilities pulled in through a dependency's own dependencies – which are the most common source of security risk.
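The distinction the report draws, between vulnerable dependencies that already have a fixed release and those that do not, is easy to make concrete. The following added example (not code from the report, Sonatype or the article) walks an application's dependency graph, flags components that match an advisory, and records whether each finding is direct or transitive and whether a fixed version exists. The package names, versions and advisories are constructed for illustration; a real audit would read them from a lockfile and an advisory database.

```python
"""Added example: audit an application's transitive dependencies against a
(constructed) advisory list and report which findings are avoidable, i.e.
already have a fixed version published."""
from collections import deque

# Constructed dependency graph: package -> {dependency: pinned version}.
# All names and versions are invented for this example.
GRAPH = {
    "webapp": {"framework": "2.1.0", "logger": "1.4.2"},
    "framework": {"parser": "3.0.1", "logger": "1.4.2"},
    "parser": {"encoding": "0.9.0"},
    "logger": {},
    "encoding": {},
}

# Constructed advisories: package -> [(affected_version, fixed_version or None)].
ADVISORIES = {
    "parser": [("3.0.1", "3.0.2")],   # fixed release exists: avoidable
    "encoding": [("0.9.0", None)],    # no fixed release yet: not avoidable
    "logger": [("1.3.0", "1.4.0")],   # affects an older version than the one used
}


def resolve(root):
    """Breadth-first walk of GRAPH from root.

    Returns {package: (version, depth)} where depth 1 is a direct dependency
    and anything deeper is transitive. The first path to reach a package wins,
    which also gives the shortest depth.
    """
    seen = {}
    queue = deque([(root, 0)])
    while queue:
        pkg, depth = queue.popleft()
        for dep, ver in GRAPH.get(pkg, {}).items():
            if dep not in seen:
                seen[dep] = (ver, depth + 1)
                queue.append((dep, depth + 1))
    return seen


def audit(root):
    """Match resolved dependencies against ADVISORIES.

    Returns a sorted list of (package, version, depth, fixed_version).
    Exact version matching is used here for simplicity; real advisories
    express affected ranges.
    """
    findings = []
    for pkg, (ver, depth) in sorted(resolve(root).items()):
        for affected, fixed in ADVISORIES.get(pkg, []):
            if ver == affected:
                findings.append((pkg, ver, depth, fixed))
    return findings


def summarize(findings):
    """Count total findings, those with a fix available, and transitive ones."""
    return {
        "total": len(findings),
        "avoidable": sum(1 for f in findings if f[3] is not None),
        "transitive": sum(1 for f in findings if f[2] > 1),
    }


if __name__ == "__main__":
    found = audit("webapp")
    for pkg, ver, depth, fixed in found:
        kind = "direct" if depth == 1 else f"transitive (depth {depth})"
        fix = f"upgrade to {fixed}" if fixed else "no fixed version published"
        print(f"{pkg} {ver}: {kind}; {fix}")
    print(summarize(found))
```

Both findings in the sample graph are transitive, which is the point of the passage: neither `parser` nor `encoding` appears in `webapp`'s own manifest, yet one of them is fully avoidable by bumping the pinned version.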

Curbing vulnerabilities is about more than the security of projects, though: it affects job satisfaction, too. In a survey of engineering professionals, individuals from organizations with higher levels of software supply chain maturity were 2.7 times more likely to strongly agree with the statement, “I am satisfied with my job.” 

Interestingly, there’s a clear disconnect between security measures taking place and what people in IT think is happening. Sixty-eight percent of respondents were confident their applications are not using vulnerable libraries. However, in a random scan of enterprise applications, 68% had known vulnerabilities in their open-source software components.

IT managers were 2.4 times more likely than respondents working in information security to strongly agree with “We address remediation of security issues as a regular part of development work.” 

To innovate faster and grow at scale, organizations need to make it as easy as possible for developers to create secure, maintainable software, which includes giving them smarter tools that provide more visibility into their systems and automate their processes. 

Sonatype’s eighth annual State of the Software Supply Chain Report blends a broad set of public and proprietary data and analysis, including 131 billion Maven Central downloads, survey results from 662 engineering professionals, and the assessment of 85,000 enterprise applications. 

Read the full report from Sonatype.
