LONDON, Nov. 16, 2017 /PRNewswire/ -- Snyk, the leading solution for addressing vulnerabilities in open source libraries, today released its first annual State of Open Source Security Report. The study finds increased severity of known vulnerabilities, lapses in security know-how among code maintainers, a lack of policy on public disclosure and inadequate timelines for remediation.
The report uses data from a survey completed with over 500 open-source maintainers and users, Snyk internal data, information published by RedHat Linux and data gathered by scanning GitHub and package management registries. Key findings from the report include:
- In the past year, the number of open source packages has increased: npm packages have increased by 57 percent, Maven artifacts increased by 28 percent, Python libraries increased by 32 percent and Rubygems increased by 10.3 percent.
- 2016 saw a 53.8 percent increase in the number of open-source security vulnerabilities published and 2017 has already increased an additional 39.1 percent over last year.
- 1 in 4 maintainers do not regularly audit their code, creating vast vulnerabilities across websites.
- Enterprises have a difficult time with known vulnerabilities and upgrading dependencies: 38.7 percent of users don't use tooling to help keep dependencies up to date, leaving organizations to manually verify and validate new versions of dependencies.
- 79.5 percent of maintainers confirmed they had no public-facing disclosure policy in place.
"Understanding the overall state of open source security is a crucial step in the journey to making creating and consuming open source safer," said Guy Podjarny, CEO, Snyk Ltd. "Securing open-source is not something that will happen overnight. However, by making a concerted effort to improve the open source community's security posture, we can make it more resilient while ensuring it remains a thriving and vibrant ecosystem. Our report aims to deepen this understanding and highlight the steps needed to improve open source security."
Snyk helps companies use open source code and stay secure. Going beyond alerts, Snyk's solution continuously fixes vulnerabilities in open source libraries, relying on a unique proprietary vulnerability database. The open source security solution allows developers to secure their dependencies quickly and independently, so that addressing issues causes minimal disruption.
About Snyk
Snyk is a developer-first security solution that helps you use open source code and stay secure. Building on its unique vulnerability database, Snyk continuously finds and fixes known vulnerabilities and license violations in open source dependencies. Snyk integrates seamlessly into the developer workflow, tightly integrating with source control (e.g. GitHub, GitLab), hooking into your CI/CD (e.g. Jenkins, Concourse) pipelines and continuously monitoring PaaS and Serverless apps in production. To learn more, visit https://snyk.io/
SOURCE Snyk