Open Source Software In The Cloud
Open Source Software (OSS) has been one of the driving forces behind the cloud revolution. However, the increased use of OSS in the cloud also increases risk and complexity, increasing the likelihood of redundant or abandoned software, malicious content and slower patching cycles.
Researchers at Palo Alto Networks' Unit 42 analysed the cloud environments of more than 1,300 organisations over the past 12 months and they have now published an important Report. They have linked the prominent use of open source software to an increased need for vulnerability vigilance on the part of organisations.
This puts the onus on end users to scrutinise the OSS before integrating it into applications. This task is particularly challenging when organisations need to manage scores of projects that are all dependent on potentially thousands of OSS.
- On average, security teams take 145 hours (about six days) to resolve a security alert. 60% of organisations take longer than four days to resolve security issues.
- In most organisations' cloud environments, 80% of the alerts are triggered by just 5% of security rules.
- 63% of the codebases in production have unpatched vulnerabilities rated high or critical.
- 76% of organisations don’t enforce Multi-Factor Authentifcation (MFA) for console users, while 58% of organisations don’t enforce MFA for root/admin users.
Organisations should expect the attack surface of cloud-native applications to continue to grow as threat actors find increasingly creative ways to target the misconfiguration of cloud infrastructure, APIs and the software supply chain itself.
Unit42: SDXCentral: Contrast Security: ITPro:
You Might Also Read:
Improving The Security Of Open Source Software:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible