Open-source software has become the foundation of the digital economy: Estimates are that it constitutes 70 to 90% of any given piece of modern software.
But while it has many advantages — it is collaborative, evolving, flexible, cost-effective — it is also rife with vulnerabilities and other security issues both known and yet to be discovered. Given the explosion in its adoption, this poses significant risk to organizations across the board.
Emerging issues are compounding longstanding, traditional vulnerabilities and licensing risks — underscoring the urgency and importance of securing open-source software (OSS), which is code made publicly and freely available for anyone to distribute, modify, review and share.
“Recently, the open-source ecosystem has been under siege,” said David Wheeler, director of open-source supply chain security at the Linux Foundation.