Current estimates say that 70 to 90% of software uses open source. But how secure is open source? Open source packages are shared by developers globally, so using open source in your own applications means bringing third-party code into your projects. This introduces security risk, and the more widely used an open source package is, the bigger the impact a security vulnerability inside it can have.
A new research project by Snyk and the Linux Foundation focused on how organisations are securing their open source packages. The project looked at how developers detect and address risk. A thorough analysis of the data collected revealed some major missteps that organisations are making when it comes to open source security. Here are three steps that organisations can take to fix those missteps and get on the path to stronger security practices around open source.