There are increasing concerns about open source security for almost everyone


Due to fears of security hazards that come from open source technologies, businesses are slowly moving away from open source software, new research has shown.

VMware, a virtualization division, has recently published a report indicating that the number of companies willing to deploy open source software in production environments dropped from 95% last year to 90% this year.

The two main concerns causing corporations to look elsewhere are the ability to identify and the ability to address vulnerabilities found in open source software. In fact, dependency on the community to address flaws and vulnerabilities is at the top of the list (61%), followed by increased security risks (53%), and the absence of service-level agreements (SLAs) for patches from the community (50%).

Too many tools, manual tasks, and people

According to the report, businesses want to improve packaging security, as open source software packaging is essential for keeping the supply chain secure.

Too many tools, too many manual tasks, and too many teams are apparently involved in packaging in most industries, which makes the process sluggish, inefficient, and risky.

Nearly two-thirds (60%) would prefer immediate access to trusted security patches for applications or runtimes, dependencies, and operating system components, while half (55%) would like centralized visibility into all scans, as it would streamline security audits. CVE and virus scanning is also being done for every container.

Although open source software is an essential component of every project, this is not the first time questions of security have been raised. Snyk, a cybersecurity firm, published a statement last June claiming that open source software poses a serious security threat.

According to a survey of more than 550 participants, as well as data obtained from 1.3 billion open source projects via Snyk Open Source, two out of five (41%) businesses are not aware of their open source code.

The average application development project, it was discovered, has 49 vulnerabilities as well as 80 direct dependencies. It now typically takes 110 days to remedy a vulnerability in an open source project, up from 49 days four years ago.