Synopsys Study Shows Open Source Security Top-of-Mind but Patching Too Slow
Global survey of 1,500 IT professionals finds that 40% of respondents worldwide had delivery schedules disrupted to address open source vulnerabilities
MOUNTAIN VIEW, Calif., Dec. 8, 2020 /PRNewswire/ Synopsys, Inc. (Nasdaq: SNPS) today released the report, DevSecOps Practices and Open Source Management in 2020. Produced by the Synopsys Cybersecurity Research Center (CyRC), the report highlights the findings from a survey of 1,500 IT professionals working in cyber security, software development, software engineering, and web development. The report explores the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
Developers opinions of security and secure coding calling it a soul-withering chore and an insufferably boring procedural hinderance highlight that companies who want to harden their applications against attacks have a significant gap between those desires and getting their own developers on board, says Frank Nagle, a Harvard Business School professor and contributing author to the report analyzing the survey results. It appears that this shifting left has not fully pervaded the minds of FOSS developers, he says. Although we did not specifically ask whether developers think security is important, they likely understand that is a concern, but believe others should deal with it.