Open Source Software In The Cloud

Open Source Software (OSS) has been one of the driving forces behind the cloud revolution. However, the increased use of OSS in the cloud also increases risk and complexity, increasing the likelihood of redundant or abandoned software, malicious content and slower patching cycles. 

Researchers at Palo Alto Networks' Unit 42 analysed the cloud environments of more than 1,300 organisations over the past 12 months and they have now published an important Report. They  have linked the prominent use of open source software to an increased need for vulnerability vigilance on the part of organisations. 

This puts the onus on end users to scrutinise the OSS before integrating it into applications. This task is particularly challenging when organisations need to manage scores of projects that are all dependent on potentially thousands of OSS.

 

  • On average, security teams take 145 hours (about six days) to resolve a security alert. 60% of organisations take longer than four days to resolve security issues.
  • In most organisations' cloud environments, 80% of the alerts are triggered by just 5% of security rules.
  • 63% of the codebases in production have unpatched vulnerabilities rated high or critical.
  • 76% of organisations don’t enforce Multi-Factor Authentifcation (MFA) for console users, while 58% of organisations don’t enforce MFA for root/admin users.

Organisations should expect the attack surface of cloud-native applications to continue to grow as threat actors find increasingly creative ways to target the misconfiguration of cloud infrastructure, APIs and the software supply chain itself.

Unit42:      SDXCentral:    Contrast SecurityITPro

You Might Also Read: 

Improving The Security Of Open Source Software:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Smart Gun Uses Facial Recognition Technology
Ransomware Attack Hits US Shipyard »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

European Defence Agency (EDA)

European Defence Agency (EDA)

EDAs mission is to improve European defence capabilities. Programme areas include Cyber Defence.

Hague Security Delta (HSD)

Hague Security Delta (HSD)

The Hague Security Delta Campus is home of the leading cyber security cluster in Europe with an Innovation Centre, labs and training facilities.

Fornetix

Fornetix

Fornetix is a cybersecurity platform enabling Zero Trust while delivering critical encryption automation, access controls, authorization services, machine identity, and ICAM solutions,

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Crypto Quantique

Crypto Quantique

Crypto Quantique's ground-breaking technology radically simplifies the process of generating a hardware root of trust in an IoT device.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

Fasken

Fasken

Fasken is one of the largest business law firms in Canada and a recognized leader in privacy and cybersecurity law.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.