Security is developers' top concern for open source components
Developers rate security as their top concern when dealing with open source components, above integration and functionality, according to a new study.
The report from open source security and license compliance management company WhiteSource reveals that an average developer invests 15 hours a month dealing with open source security vulnerabilities, but only a small fraction of that time (25 percent) is devoted to actual remediation.
There's has been a significant rise in the number of open source vulnerabilities, up 60 percent from 2016 according the report, which presents development and security teams with the challenge of ensuring that their products are secure. 96.8 percent of developers use open source components are are therefore affected by the increase.
"Our findings show a sharp increase in the number of reported vulnerabilities in open source projects, which is taking a toll on developers who rely heavily on these components," says David Habusha, VP product at WhiteSource "The research clearly shows that development teams cannot handle the influx of open source vulnerabilities and prioritization strategies and tools are becoming a necessity in order to properly secure applications."
Among other findings are that developers spend a lot of time addressing open source vulnerabilities, but the absence of standard practices and lack of developer focused tools leads to inefficient use of time.
Following a solid prioritization strategy for open source remediation will save development teams time and money, and ensure they address the most critical issues first. But the results show that they often lack standardized best practices for prioritizing vulnerabilities.
You can find out more in the full report available from the WhiteSource blog.