Open source technology has become critical to companies that need solutions that fit right into their own operations. Applications built with open source technology enable corporate users of these tools to modify and customize tools — and in corporate processes, that can be hugely beneficial.
Take Oro, for instance. The company’s B2B eCommerce solution OroCommerce provides an open source platform that can help SMEs more efficiently brand themselves to corporate buyers and customize interfaces for a better eProcurement experience, without corporate users having to design in-house software to fit their unique needs.
Or take payments company First Data, which acquired open source storefront platform Spree Commerce in 2015 in a significant show of support for open source technology.
The possibilities for open source applications to impact corporate and B2B operations across eProcurement, financial management, payments and beyond are boundless. But a new report from Black Duck Software says the providers of open source software may be putting themselves and their corporate customers at risk.
In Black Duck’s second Open Source Security and Risk Analysis report, released this week, the firm found that 96 percent of the applications it audited contain at least one open source component. Because the technology is so pervasive, any security gaps or other points of friction in those components are spread just as widely.
“Open source use is ubiquitous worldwide and recent research reports show that between 80 percent and 90 percent of the code in today’s apps is open source,” said Black Duck CEO Lou Shipley in a statement. “This isn’t surprising because open source is valuable in lowering dev costs, accelerating innovation and speeding time to market. Our audits confirmed the universal use but also revealed troubling levels of ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges.”
Black Duck found vulnerabilities in the open source components of two-thirds of the apps it analyzed. Even more troubling is that these vulnerabilities had been publicly disclosed, on average, four years earlier.
Financial services and FinTech are most at-risk, Black Duck found. According to its analysis, financial services apps contained an average of 52 vulnerabilities per app, with 60 percent of them considered to be high-risk vulnerabilities.
This puts the financial services space at risk in a big way, said Shipley.
“Exploits of open source vulnerabilities are the biggest application security risk that most companies have,” the executive stated.
Indeed, infiltrating a third-party app via these vulnerabilities can place not only the application developer at risk, but all of its customers, too….