Open Source Code: The Cybersecurity Time Bomb Ticking in Your Software

All companies using open source code in their software are at risk of supply-chain attacks, says new research. Despite a grim outlook, things are improving for application security leaders. Checkmarx’s report shows 100% of surveyed AppSec professionals have faced attacks, but fewer incidents were reported in the past year.

Hot Take:

Open source code is like free pizza: it’s great until you realize the toppings include anchovies and malware. With 100% of surveyed AppSec pros having faced a supply-chain attack, it’s clear that while open source is a gift, it’s also the gift that keeps on giving… headaches.

Key Points:

  • All companies using open source code are at risk of supply-chain attacks.
  • 100% of surveyed AppSec professionals have experienced a software supply chain attack.
  • 57% of organizations focus significantly on software supply chain security.
  • Over half (54%) are investigating or planning to use a solution for these risks.
  • Checkmarx detected over 385,000 malicious open source packages in the last two years.

The Nimble Nerd