I agree with the security problem of OSS.
According to Black Duck’s latest 2017 Open Source 360 Degree survey, “the effective management of open-source is not keeping pace with the increase in use.”
The survey included 819 IT professionals, system architects, security experts and software developers from US and EMEA. Last year saw a remarkable rise in the usage of open source softwares by companies, confirmed by 60% of respondents of this survey.
55% believed that open source gives a boost to business innovation. Despite this, the concerns regarding security are there.
64% are worried about the disclosure of internal applications to misuse through weaknesses in open-source code, and 71% believe that using open-source may also reveal external apps to manipulate. There is also a concern observed by 61% that the development teams don’t stick to the internal rules and procedures. Surprisingly only 54% admitted that their companies comply to open source demands for license and only 55% are aware of security vulnerabilities. Just 44% respondents confirmed that their companies meet the security policies.
“Companies are using a tremendous amount of open source for sound economic and productivity reasons, but today most companies are not effective in securing and managing it,” said Lou Shipley, Black Duck CEO. He further adds “Today open-source comprises 80 percent to 90 percent of the code in a modern application and the application layer is a primary target for hackers. This means that exploitation of known open source vulnerabilities represents the most significant application security risk most organizations face”.
References:
Osborne, C. (2017) Open–source software management fails to meet security concerns. Available at: http://www.zdnet.com/article/open-source-software-management-falls-behind-security-concerns/(Accessed: 4 October 2017)