Synopsys, Inc. Study Shows Open Source Security Top-Of-Mind But Patching Too Slow
December 08, 2020 at 09:05 am EST
Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020. Produced by the Synopsys Cybersecurity Research Center (CyRC), the report highlights the findings from a survey of 1,500 IT professionals working in cyber security, software development, software engineering, and web development. The report explores the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
Open source plays a critical role in today's software ecosystem. The overwhelming majority of modern codebases contain open source components, with open source often comprising 70% or more of the overall code. Yet paralleling the growth of open source use is the mounting security risk posed by unmanaged open source. In fact, according to the 2020 OSSRA report, 75% of the codebases audited by Synopsys contain open source components with known security vulnerabilities. To combat this situation, respondents to the survey cite identification of known security vulnerabilities as the number one criterion when vetting new open source components.
Synopsys Inc. specializes in the development and marketing of software programs aimed mainly at manufacturers of semiconductors, computers and electronic equipment. Net sales break down by activity as follows:
- sale of software and hardware (82.4%): sale of software for the automation of integrated circuit design, pre-designed circuits for semiconductors, software and hardware for the validation of electronic systems, etc.;
- provision of services (17.6%): consulting, maintenance and technical assistance services in the areas of software security, quality and compliance.
Net sales are distributed geographically as follows: the United States (47.7%), China (15.2%), Korea (10.9%), Europe (10.2%) and other (16%).