Synopsys Report Shows "Alarming" Increase in High-Risk Vulnerabilities
High-risk vulnerabilities have increased at an "alarming" rate in the past five years, according to the eighth edition of the Open Source Security and Risk Analysis (OSSRA) report from Synopsys.
Since 2019, "high-risk vulnerabilities in the Retail and eCommerce sector jumped by 557%," the report states. "Comparatively, the Internet of Things (IoT) sector, with 89% of the total code being open source, saw a 130% increase in high-risk vulnerabilities in the same period. Similarly, the Aerospace, Aviation, Automotive, Transportation, and Logistics vertical was found to have a 232% increase in high-risk vulnerabilities."
The report, which includes recommendations to help teams reduce risks associated with both open source and proprietary code, says the first step "involves a comprehensive inventory of all software a business uses, regardless of where it comes from or how it's acquired" – in other words, a Software Bill of Materials (SBOM).
"This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks," says Jason Schmitt, general manager of the Synopsys Software Integrity Group.
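As an added illustration of what the "comprehensive inventory" recommendation looks like in practice (this is example code, not from the Synopsys report or the article), the block below loads a CycloneDX-format SBOM, lists every component regardless of origin, and flags the ones carrying a high or critical rating. The SBOM itself is constructed inline: the component names, versions and `EXAMPLE-*` vulnerability identifiers are made up for the demonstration and do not refer to real packages or advisories.

```python
"""Added example: inventory an SBOM and flag high-risk components.

The SBOM is a constructed CycloneDX 1.4 JSON document; every name,
version and vulnerability id in it is invented for illustration.
"""
import json
from collections import Counter

# Constructed sample SBOM: two open source libraries plus one in-house
# application, with an embedded CycloneDX "vulnerabilities" section.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"bom-ref": "pkg:npm/example-parser@1.2.0", "type": "library",
         "name": "example-parser", "version": "1.2.0",
         "purl": "pkg:npm/example-parser@1.2.0"},
        {"bom-ref": "pkg:maven/com.example/util@3.0.1", "type": "library",
         "group": "com.example", "name": "util", "version": "3.0.1",
         "purl": "pkg:maven/com.example/util@3.0.1"},
        # Proprietary code belongs in the inventory too; no purl here.
        {"bom-ref": "internal:billing-service@2.4", "type": "application",
         "name": "billing-service", "version": "2.4"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-2023-0001",            # made-up identifier
         "ratings": [{"severity": "high", "method": "CVSSv3"}],
         "affects": [{"ref": "pkg:npm/example-parser@1.2.0"}]},
        {"id": "EXAMPLE-2023-0002",            # made-up identifier
         "ratings": [{"severity": "low", "method": "CVSSv3"}],
         "affects": [{"ref": "pkg:maven/com.example/util@3.0.1"}]},
    ],
})

# Severities treated as "high-risk" for this example.
HIGH_RISK = {"critical", "high"}


def load_sbom(text):
    """Parse the document and reject anything that is not CycloneDX."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return bom


def inventory(bom):
    """Map bom-ref -> component, so every component is accounted for."""
    out = {}
    for c in bom.get("components", []):
        ref = c.get("bom-ref") or c.get("purl") or f"{c['name']}@{c.get('version', '')}"
        out[ref] = c
    return out


def high_risk_components(bom):
    """Return {bom-ref: [vulnerability ids]} for components with a
    high or critical rating that are actually present in the inventory."""
    inv = inventory(bom)
    hits = {}
    for vuln in bom.get("vulnerabilities", []):
        severities = {r.get("severity", "").lower() for r in vuln.get("ratings", [])}
        if not severities & HIGH_RISK:
            continue
        for affected in vuln.get("affects", []):
            ref = affected.get("ref")
            if ref in inv:
                hits.setdefault(ref, []).append(vuln["id"])
    return hits


def summary(bom):
    """Counts by package ecosystem (from the purl type) plus the high-risk hits."""
    inv = inventory(bom)
    ecosystems = Counter(
        c["purl"].split(":", 1)[1].split("/", 1)[0] if c.get("purl") else "unlabelled"
        for c in inv.values()
    )
    return {
        "components": len(inv),
        "ecosystems": dict(ecosystems),
        "high_risk": high_risk_components(bom),
    }


if __name__ == "__main__":
    print(json.dumps(summary(load_sbom(SAMPLE_SBOM)), indent=2))
```

Feeding a real SBOM (for example one exported by a build tool) into `load_sbom` gives the same per-component view; the point of keeping proprietary components such as `billing-service` in the inventory is that an entry with no purl still shows up as "unlabelled" rather than silently disappearing from the count.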