Synopsys Releases “2020 DevSecOps Practice and Open Source Management Report”

Open source has gradually become the dominant model for a new generation of software development, and it effectively speeds up product iteration. However, open source risk is complex: it includes intellectual property and license compliance risks as well as security vulnerabilities, and most organizations have not yet established a complete open source governance system. Thankfully, security testing tools now exist that reduce the risk of using open source.

Synopsys, Inc. (Nasdaq: SNPS) announced the release of the 2020 DevSecOps Practices and Open Source Management Report. Produced by the Synopsys Cybersecurity Research Center (CyRC), the report surveyed 1,500 IT professionals working in cybersecurity, software development, software engineering, and web development. It examines the policies that companies around the world use to manage open source vulnerabilities, and the growing problem of obsolete or deprecated open source components in commercial code.

Open source plays a vital role in today’s software ecosystem. The vast majority of modern codebases contain open source components, and open source typically makes up 70% or more of a codebase. However, the growth in open source usage brings with it the growing security risk posed by unmanaged open source. In fact, the 2020 Open Source Security and Risk Analysis (OSSRA) report states that 75% of the codebases audited by Synopsys contain open source components with known security vulnerabilities. Consistent with this, respondents cited the identification of known security vulnerabilities as a top criterion when reviewing new open source components.

“It’s clear that unpatched vulnerabilities are a major contributor to developer distress and ultimately business risk,” said Tim Mackey, chief security strategist at the Synopsys Cybersecurity Research Center. “The 2020 DevSecOps Practices and Open Source Management Report highlights how enterprises are striving to effectively track and manage their open source risk.”

Tim Mackey continued: “More than half (51%) of respondents said it takes two to three weeks to apply open source patches, which may be related to the fact that only 38% of respondents use automated software composition analysis (SCA) tools to determine which open source components are in use and when updates are released. The remaining organizations may rely on manual processes to manage open source, which can slow down development and operations teams and leave them struggling to keep up with the dozens of new security disclosures released on an average day.”

Other points worth noting from the 2020 DevSecOps Practices and Open Source Management Report include:

DevSecOps is growing rapidly globally. A total of 63% of respondents said they were integrating some DevSecOps activities into their software development plans.

Application Security Testing (AST) tools are not widely adopted. Respondents’ answers show that there is no shortage of tools and techniques for application security testing. However, even the most commonly used AST tools are used by fewer than half of the respondents.

The media plays an important role in open source risk management. Forty-six percent of respondents indicated that media coverage prompted them to exercise stricter control over their use of open source.

47% of respondents define standards based on how long an open source component has been in use. A growing problem in the open source community is the sustainability of projects. Synopsys’ 2020 OSSRA report shows that 91% of the codebases audited in 2019 contained components that were more than four years out of date or had no development activity in the past two years. Deploying outdated code increases security risk, including the risk of an open source component being hijacked. One example is the 2018 incident in which the event-stream component was injected with malicious code intended to steal bitcoin from Copay wallets.
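The staleness criteria quoted above (a component version more than four years old, no upstream development activity in the past two years, or a known vulnerability) are exactly the kind of policy an SCA tool evaluates over a dependency inventory. The following is an added illustration, not code from Synopsys or from the report: it runs those three checks over a small inventory of constructed, fictional components (the names, versions, dates and vulnerability counts are made up for the example) and reports which components fail and what share of the inventory is affected.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Policy thresholds taken from the criteria the OSSRA report describes.
FOUR_YEARS = timedelta(days=4 * 365)
TWO_YEARS = timedelta(days=2 * 365)


@dataclass(frozen=True)
class Component:
    """One entry of a dependency inventory (field names are assumptions for this example)."""
    name: str
    version: str
    version_released: date        # release date of the version actually in use
    last_upstream_activity: date  # most recent commit or release in the upstream project
    known_vulns: int              # number of published advisories affecting this version


# Constructed sample inventory: fictional components, not real packages.
INVENTORY = [
    Component("json-tidy", "2.1.0", date(2015, 5, 1), date(2019, 12, 1), 0),
    Component("legacy-auth", "0.9.3", date(2017, 8, 15), date(2017, 9, 1), 2),
    Component("fastsort", "5.2.0", date(2020, 3, 10), date(2020, 5, 20), 0),
    Component("img-util", "1.0.0", date(2014, 1, 20), date(2014, 2, 1), 1),
]


def assess(component: Component, today: date) -> list[str]:
    """Return the policy findings for one component (empty list means it passes)."""
    findings = []
    if today - component.version_released > FOUR_YEARS:
        findings.append("version more than four years old")
    if today - component.last_upstream_activity > TWO_YEARS:
        findings.append("no upstream activity in the past two years")
    if component.known_vulns > 0:
        findings.append(f"{component.known_vulns} known vulnerabilities")
    return findings


def report(inventory: list[Component], today: date) -> dict[str, list[str]]:
    """Map each failing component name to its findings; passing components are omitted."""
    result = {}
    for component in inventory:
        findings = assess(component, today)
        if findings:
            result[component.name] = findings
    return result


def stale_share(inventory: list[Component], today: date) -> float:
    """Fraction of the inventory with at least one finding, comparable to the OSSRA percentages."""
    if not inventory:
        return 0.0
    return len(report(inventory, today)) / len(inventory)


if __name__ == "__main__":
    # Fixed evaluation date so the output is reproducible.
    today = date(2020, 6, 1)
    for name, findings in report(INVENTORY, today).items():
        print(f"{name}: {'; '.join(findings)}")
    print(f"share of components with findings: {stale_share(INVENTORY, today):.0%}")
```

The evaluation date is passed in explicitly rather than read from the clock so that the same inventory always yields the same result, which matters when the check runs as a CI gate. A real SCA tool would populate the inventory from a lockfile or SBOM and the vulnerability counts from an advisory database; here those inputs are constructed inline.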

Download the 2020 DevSecOps Practices and Open Source Management Report, or click here to learn more about open source security and license compliance.