Many business apps with open source code have unpatched vulnerabilities and license conflicts
Apps that come with open-source code are putting organizations at risk, according to a new report by Black Duck. As you might imagine, many companies are using apps with open-source code.
Black Duck’s Center for Open Source Research & Innovation analyzed 1,071 apps audited during 2016 and found that 96 percent of them had open source. Of those, more than 60 percent had open source security vulnerabilities.
In the financial industry, there were 52 open source vulnerabilities per application. Sixty percent had "high-risk" vulnerabilities. In the retail and e-commerce industry, there was the highest proportion of apps with high-risk open source vulnerabilities -- 83 percent.
License conflicts are "widespread," the report continues. Among the audited apps, they had 147 open source components on average, and 85 percent of components with license conflicts. Most commonly, those are GPL license violations.
"Open source use is ubiquitous worldwide and recent research reports show that between 80 percent and 90 percent of the code in today’s apps is open source. This isn’t surprising because open source is valuable in lowering dev costs, accelerating innovation and speeding time to market. Our audits confirmed the universal use, but also revealed troubling levels of ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges," says Black Duck CEO Lou Shipley.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.