Open source reliance is creating a bunch of security issues
OSS has many benefits, but creates plenty of risk too
Although many companies are heavily reliant on open source software (OSS) as they seek to accelerate their digital efforts, a new report from VMware Tanzu suggests IT leaders are also conscious of the inherent risks.
Based on a poll of executives, team managers and open source contributors, the report states that 95% of companies use OSS in production, with larger enterprises (1,000+ employees) the most likely to use community open source.
They see many benefits to OSS in production, including reduced costs, more flexibility, a large community that acts as support, as well as improved developer productivity.
However, they are also wary of the numerous cybersecurity risks associated with using open source software. For example, using OSS means companies need to rely on the community to fix bugs and patch vulnerabilities. Most respondents (63%) also concede there are no guarantees vulnerabilities will be remedied or patched, while 54% said it was difficult to keep up to date on vulnerabilities in OSS software.
Too many cooks
Further, respondents cited problems with packaging OSS for production, as well as questions of ownership. Many find it challenging to check if dependencies are compliant, while some struggle to track dependencies installed by package managers.
For packaging, one in ten organizations use no tools whatsoever, while two-thirds use multiple tools, which only adds further complexity to the process. And while the majority (65%) have at least one team responsible for packaging OSS, some have as many as five teams.
In most firms, the security team is not ultimately responsible for validating and approving the security of OSS in production, while in a tenth of organizations there is no single owner.
As if the situation wasn’t complicated enough, more than half (54%) use different security tools for OSS than they do for other software.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.