TMCnet News
Need for Developer-Focused Security Soars as Security Vulnerabilities Almost Double in Two Years, Snyk Report Reveals

LONDON, Feb. 26, 2019 /PRNewswire/ -- Snyk, the leading solution for automatically finding and fixing vulnerabilities in open source libraries, today released its annual State of Open Source Security Report for 2019. The study finds rapid growth in disclosed vulnerabilities, reporting an 88 percent increase in application library vulnerabilities over the past two years, almost double the earlier figure. Of the open source projects that contain vulnerabilities, 78 percent of those vulnerabilities are found in indirect (transitive) dependencies rather than in the libraries developers deliberately pulled in. Indirect dependencies make finding and fixing vulnerabilities significantly more complex and time-consuming, because the vulnerable package is not declared in the project's own manifest and can only be upgraded through the direct dependency that brings it in.

Given the growing number of open source vulnerabilities and the complexity of fixing them, there is an urgent need for developers to take ownership of their application security. According to the report, more than 80 percent of developers indicated they believe they should be responsible for the security of their open source code. Yet only 30 percent rate their own security knowledge as "High," confirming a knowledge gap in their ability to effectively own security during the development process.

"The report highlights that the biggest challenge that open source security faces is the growing volume of vulnerabilities and the complexity of fixing indirect vulnerabilities found in open source dependencies," said Guy Podjarny, Founder and CEO of Snyk. "As application development becomes faster and more business critical, it's important that developers consuming or creating open source embed security tooling and practices into their existing development workflows."

According to , by the year 2020 more than 50 percent of companies will use container technology, up from less than 20 percent in 2017. Snyk's report demonstrates that alongside this growth, many organizations are still struggling with container security: vulnerabilities reported against RHEL, Debian and Ubuntu packages rose four-fold in 2018 compared to 2017. Snyk's research also found that each of the ten most popular default Docker images contained at least 30 vulnerable system library versions, with the official Node.js image shipping the most, at 580 vulnerable system libraries. Additionally, 44 percent of Docker image scans had known vulnerabilities for which a newer, more secure base image upgrade was already available.

The annual State of Open Source Security Report published by Snyk is compiled from data gathered in a recent survey of hundreds of open source developers and maintainers; data from public application registries, library datasets and GitHub repositories; and Snyk's vulnerability database, which continuously pulls in data from the hundreds of thousands of projects monitored and protected by Snyk.

Other notable highlights from the report include:

Application Security Responsibility
Open Source Security
Fixing Vulnerabilities
About Snyk

To learn more or to sign up for free, visit https://snyk.io/

View original content to download multimedia: http://www.prnewswire.com/news-releases/need-for-developer-focused-security-soars-as-security-vulnerabilities-almost-double-in-two-years-snyk-report-reveals-300801720.html

SOURCE Snyk