'85 pc SW projects include outdated open source files'

Abhigna

NEW YORK, USA: White Source, a provider of Open Source Lifecycle Management solutions, has revealed that 85 percent of all software projects loaded to its service by new customers had some out-of-date open source components.

Altogether, 14 percent of all libraries in use are out of date, said a company release.

These alarming findings represent substantial risks to both software vendors and customers, since patches are usually released in response to major bugs or security vulnerabilities.

This is probably because most software developers lack the tools, and often the motivation, to continuously monitor new releases of open source components they use, the release added.

In today's business climate, using open source software components as part of the development of new products is imperative. From a security perspective, open source software is also openly available for hackers to analyze and identify vulnerabilities.

Moreover, while security issues are often fixed quickly by the community, these updates also reveal the security issue being addressed, further increasing the vulnerability of those that did not patch their systems accordingly. To keep to high security standards, software developers must continuously watch for new updates and patch as soon as updates are released, the report added.

Likewise, it is clearly beneficial to frequently update open source modules for bug fixes, performance improvements, and even functional enhancements.

Unfortunately, development teams are often concerned with open source only when they are actively developing new functionality, or when customers complain. Typically, once the development task is accomplished, no one is tasked with continuously monitoring updates to open source components.

Developers will rarely spot an update that does not result in a defect that is reported by their users, it added.

"Using the most updated open source version substantially reduces business and technical risks. Current versions fix crucial bugs, performance issues, and security vulnerabilities, and often contain additional functionality," said White Source CEO Rami Sass.

"White Source Software alerts users promptly and automatically whenever new open source patches are released, saving developers' time and eradicating out-of-date open source libraries that endanger the organization and its customers," added Sass.

Following are the findings of the recent research:

* 85 percent of software projects loaded to White Source relied on at least one open source library that was out of date.

* On average, 14 percent of all open source libraries across all projects and all customers were out of date.

To address this issue, the company claims that it provides its customers with real-time proactive alerts whenever a new version is available for an open source module they use.

Importantly, the alerts are limited and specific for a given customer and a given project, eliminating unnecessary sifting work, added the company.
