18, 2022 (GLOBE NEWSWIRE) - Sonatype, the pioneer of software supply chain management, today unveiled its eighth annual State of the Software Supply Chain Report at the DevOps Enterprise Summit.

In addition to a massive surge in open source supply, demand, and malicious attacks, this year’s report found that 96% of open source Java downloads with known vulnerabilities could have been avoided because a better version was available but was ignored.

According to the report, this means 1.2 billion avoidable known-vulnerable dependencies are being downloaded every month, pointing to non-optimal consumption behaviors as the root of open source risk.

“This astonishing finding highlights how critical it is for engineering teams to continue education on open source risk and embrace intelligent automation to support their efforts.”

The report found open source maintainers to be, on average, efficient at delivering fixes to issues. This is in contrast to public discussion, which often associates security risk with open source maintainers.