Open-source components, where they are heading, and what that means for cyber security

Shehan Sanjula
SLIIT FOSS Community
4 min read · Aug 22, 2021


Open-source components have become the major building blocks of the application economy. The software giants have moved into the open-source community in ways that were not imaginable a decade ago: Microsoft loves Linux, IBM bought Red Hat, Oracle became the steward of the open-source Java platform and language, and the list goes on. Companies such as Google, Adobe, Oracle and Microsoft are now among the biggest supporters of open-source software and have contributed to a wide range of open-source projects over the years.

Open-source software is a rapidly growing market, mainly because of what the licensing model allows. Anyone can read the source code, so a user can see exactly what a component does rather than trusting a vendor's description. Users can also modify the code to fit their own requirements, or contribute their changes back to make the project better for everyone.

“Total global revenue in the open-source services market will reach over 17 billion U.S. dollars in 2019 and is expected to grow into a 30-billion-dollar industry by 2022, a number which would represent a tripling in size over the span of just five years.” Source: Statista

Figure: Projected revenue of open-source services from 2017 to 2022 (in billion U.S. dollars)

According to a WhiteSource survey titled “The State of Open Source Vulnerabilities Management”:

  • 96.8% of developers reported that they use open-source components “all the time,” “very often” or “sometimes.”
  • Only 3.2% of developers reported that they did not use open source at all, mostly because their organizations' policies do not allow it.
  • Not a single respondent described their usage as “rarely,” which shows how heavily almost 97% of developers rely on open-source components.

Source: WhiteSource, “The State of Open Source Vulnerabilities Management”

Now, let’s find out what the 2021 OSSRA report tells us about the state of open source in commercial software!

The 2021 “Open Source Security and Risk Analysis” (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,500 audits of commercial codebases performed by the Black Duck® Audit Services team.

The pandemic has involved explosive growth in both apps and vulnerabilities

The COVID-19 pandemic drove rapid growth in mobile app downloads, and with it the likelihood that open-source vulnerabilities are present in those apps. The “Peril in a Pandemic: State of Mobile Application Security” report shows that the number of open-source vulnerabilities found in the audits reported in the 2021 OSSRA increased, and that the increase is especially pronounced when the results are broken down by industry.

Source: Synopsys, Inc.

Here are some critical insights from the 2021 OSSRA report:

  • 95% of the audited marketing tech codebases contained open-source vulnerabilities.
  • 71% of the audited retail and e-commerce codebases contained open-source vulnerabilities.
  • IBM's 2020 Cost of a Data Breach report ranked healthcare as the most attacked industry. OSSRA adds to that picture: in both the financial services/fintech and the healthcare sectors, more than 60% of the audited codebases contained open-source vulnerabilities.

No software is perfect. All software, whether open source or proprietary, has had bugs, has bugs today, and will continue to have bugs. What we can control is the number and severity of the bugs we ship, and how much damage they can do to users or the business when they are found.

In the end…

The digital transformation we are witnessing today owes much of its momentum to open-source components. Companies of all sizes, in every industry vertical, bring open source into their infrastructure at some point. Yet all that great power comes with great responsibility. Acknowledging the risks is the first step; after that, investment in open-source security has to be sustained, which means continuous security testing and monitoring of the components you depend on, not a one-off review.
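The OSSRA numbers above come from audits that inventory the open-source components in a codebase and match them against known vulnerabilities. The same check can be run continuously in your own build pipeline. The script below is an added example, not code from the article or from Synopsys/WhiteSource: it parses a constructed requirements.txt-style manifest, compares each pinned version against a constructed advisory list (the advisory ids are placeholders, not real CVEs), and exits non-zero when an affected component is found. It assumes plain numeric dotted versions and a feed format with "introduced"/"fixed" bounds, which is how feeds such as OSV express affected ranges; a real audit would read the project's own lockfile and pull advisories from such a feed.

```python
"""Minimal open-source dependency audit (added example, not the article's code).

Matches pinned components in a manifest against advisory records and
reports the ones whose version falls in an affected range.
"""
import re

# Constructed manifest in requirements.txt style. Not a real project.
MANIFEST = """\
# constructed sample manifest
requests==2.25.1
pyyaml==5.3.1
flask==2.0.3
urllib3==1.26.5
"""

# Constructed advisory records. The ids are placeholders, NOT real CVEs.
# "introduced" is inclusive, "fixed" is exclusive, as in OSV-style ranges.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "pyyaml",
     "introduced": "0", "fixed": "5.4", "severity": "critical"},
    {"id": "EXAMPLE-0002", "package": "urllib3",
     "introduced": "1.26.0", "fixed": "1.26.5", "severity": "high"},
    {"id": "EXAMPLE-0003", "package": "requests",
     "introduced": "2.3.0", "fixed": "2.31.0", "severity": "medium"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Assumption: versions are numeric dotted strings ("1.26.5"); pre-release
# suffixes are not handled here.
_WIDTH = 4


def _vkey(version: str) -> tuple:
    """'5.4' -> (5, 4, 0, 0) so that '5.4' < '5.4.1' compares correctly."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:_WIDTH]
    return tuple(parts + [0] * (_WIDTH - len(parts)))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed."""
    return _vkey(introduced) <= _vkey(version) < _vkey(fixed)


def parse_manifest(text: str) -> dict:
    """Return {normalized_name: version} for a fully pinned manifest.

    Fails closed: an unpinned requirement (e.g. 'requests>=2.0') raises,
    because the deployed version cannot be known and therefore not audited.
    """
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([0-9][0-9.]*)$", line)
        if not m:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        name = m.group(1).lower().replace("_", "-")
        pinned[name] = m.group(2)
    return pinned


def audit(pinned: dict, advisories: list) -> list:
    """Return findings sorted by severity, most severe first."""
    findings = []
    for adv in advisories:
        version = pinned.get(adv["package"].lower())
        if version is None:
            continue  # component not in this codebase
        if is_affected(version, adv["introduced"], adv["fixed"]):
            findings.append({
                "package": adv["package"], "version": version,
                "id": adv["id"], "severity": adv["severity"],
                "fixed": adv["fixed"],
            })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["package"]))
    return findings


if __name__ == "__main__":
    results = audit(parse_manifest(MANIFEST), ADVISORIES)
    for f in results:
        print(f"{f['severity']:<8} {f['package']}=={f['version']} "
              f"affected by {f['id']}, fixed in {f['fixed']}")
    # Non-zero exit lets a CI job block the build on open findings.
    raise SystemExit(1 if results else 0)
```

Two design points matter more than the matching itself. First, the parser refuses unpinned requirements rather than guessing a version: an audit that silently skips what it cannot resolve gives false assurance. Second, the "fixed" bound is exclusive, so urllib3 1.26.5 is correctly reported as not affected by the constructed advisory that is fixed in 1.26.5; getting range boundaries wrong is a common source of both false positives and missed findings.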

So we have come to the end of this article. I hope you have learned something about open-source components and their security. Thank you, and let's meet again in another article. Stay safe and bye 👋.
