《Snyk：2022年开源安全状况报告（英文版）（33页）.pdf》由会员分享，可在线阅读，更多相关《Snyk：2022年开源安全状况报告（英文版）（33页）.pdf（33页珍藏版）》请在三个皮匠报告上搜索。

1、In Partnership With:Addressing Cybersecurity Challenges in Open Source SoftwareThe current state of open source software security and methods to address and improve your cybersecurity postureOpen source software(OSS)has become an integral part of the technology landscape,as inseparable from the digi

2、tal machinery of modern society as bridges and highways are from global transportation infrastructure.According to one report,typically 70%to 90%of a modern application stack consists of pre-existing OSS,from the operating system to the cloud container to the cryptography and networking functions,so

3、metimes up to the very application running your enterprise or website.Thanks to copyright licenses that encourage no-charge re-use,remixing,and redistribution,OSS encourages even the most dogged of competitors to work together to address common challenges,saving money by avoiding duplication of effo

4、rt,moving faster to innovate upon new ideas and adopt emerging standards.However,this ubiquity and flexibility can come at a price.While OSS generally has an excellent reputation for security,the communities behind those works can vary significantly in their application of development practices and

5、techniques to reduce the risk of defects in the code,or to respond quickly and safely when one is discovered by others.Often,developers trying to decide what OSS to use have difficulty determining which ones are more likely to be secure than others based on objective criteria.Enterprises often dont

6、have a well-managed inventory of the software assets they use,with enough granular detail,to know when or if theyre vulnerable to known defects,and when or how to upgrade.Even those enterprises willing to invest in increasing the security of the OSS they use often dont know where to make those inves