Vulnerable software components widely used by enterprises

The average UK enterprise has downloaded over 21,000 software components with a known vulnerability in the past year alone, according to new data from Sonatype the DevSecOps automation specialist. Sonatype's fifth annual State of the Software Supply Chain Report has studied over 12,000 enterprise development companies globally and shows that of the average 248,000 open source components downloaded by British business in 2018, 8.8 percent have a known security flaw. Of these vulnerabilities, 30 percent -- some 6300 -- are deemed to be critical, posing a serious risk to the security of software. Adversaries are increasingly targeting open source components… [Continue Reading]