Synopsys Report Shows "Alarming" Increase in High-Risk Vulnerabilities

By

SBOMs cited as a necessary step in reducing risks.

High-risk vulnerabilities have increased at an "alarming" rate in the past five years, according to the eighth edition of the Open Source Security and Risk Analysis (OSSRA) report from Synopsys.

Since 2019, "high-risk vulnerabilities in the Retail and eCommerce sector jumped by 557%," the report states. "Comparatively, the Internet of Things (IoT) sector, with 89% of the total code being open source, saw a 130% increase in high-risk vulnerabilities in the same period. Similarly, the Aerospace, Aviation, Automotive, Transportation, and Logistics vertical was found to have a 232% increase in high-risk vulnerabilities."

The report, which includes recommendations to help teams reduce risks associated with both open source and proprietary code, says the first step "involves a comprehensive inventory of all software a business uses, regardless of where it comes from or how it's acquired" – in other words, a Software Bill of Materials (SBOM).

"This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks," says Jason Schmitt, general manager of the Synopsys Software Integrity Group.

 
 

 
 

02/27/2023

Related content

  • News for Admins
    In the news: StarlingX 8.0 Edge Platform; Synopsys Report Shows "Alarming" Increase in High-Risk Vulnerabilities; Akamai Connected Cloud; Red Hat Enterprise Linux Available on Oracle Cloud; Wine 8.0; LibreOffice 7.5; Veracode Report Tracks Security Flaws Over the Application Lifecycle; and Malware Remains Top Cause of Cybersecurity Incidents.
    more »
  • Open Source Malware on the Rise, According to Sonatype Report
    more »
  • Photo by Fancycrave on Unsplash
    Vulnerability assessment best practices for enterprises
    A vulnerability assessment is an important step toward protecting an organization's critical IT assets.
    more »
  • News for Admins
    In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
    more »
  • Lead Image © Tjefferson, Fotolia.com
    Security and automation with SBOMs
    Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities.
    more »
comments powered by Disqus