Most apps ship open-source components with known vulnerabilities, research says

More than 60 per cent of the audited apps that contained open source carried known open source security vulnerabilities.

Applications built on open-source components are exposing organisations to security and licensing risk, according to a new report by Black Duck. The problem is not open source itself but the failure to track and patch the components an application pulls in: the vulnerabilities counted in the report are known, publicly disclosed flaws in open source components that remained unaddressed in the audited code. And the footprint is close to universal: almost every application the company audited contained open source.

Black Duck’s Center for Open Source Research & Innovation analysed 1,071 applications audited during 2016 and found that 96 per cent of them contained open source components. Of those, more than 60 per cent contained open source components with known security vulnerabilities.

In the financial services industry, applications averaged 52 open source vulnerabilities each, and 60 per cent of them contained ‘high-risk’ vulnerabilities. The retail and e-commerce industry had the highest proportion of applications with high-risk open source vulnerabilities, at 83 per cent.

License conflicts are ‘widespread’, the report continues. The audited applications contained 147 open source components on average, and 85 per cent of them included components with license conflicts, most commonly violations of the GPL.

“Open source use is ubiquitous worldwide and recent research reports show that between 80% and 90% of the code in today’s apps is open source. This isn’t surprising because open source is valuable in lowering dev costs, accelerating innovation and speeding time to market. Our audits confirmed the universal use, but also revealed troubling levels of ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges,” said Black Duck CEO Lou Shipley.
