The Dark Reality of Open Source

Through the Lens of Threat and Vulnerability Management


Open source software (OSS) is now a major part of an organization’s attack surface, and organizations are being blindsided by the increased risk to their security posture. RiskSense, acquired by Ivanti, looked at the 50 most popular OSS projects and found that:

  • Vulnerabilities spanned all phases of modern development, from dev/test and orchestration to containers and within workloads. Learn more about the volume and the trends for the tools you use.
  • Open source is generating new vulnerabilities at a historically rapid pace. Consider what this means when shared libraries and code reuse occur across dev teams, especially in business-critical applications.
  • NVD listings lag significantly behind for OSS vulnerabilities – especially for those with the highest CVSS criticality.

To learn more, read the Spotlight report: The Dark Reality of Open Source – Through the Lens of Threat and Vulnerability Management.