Two reports on open source software security identify risks to development processes that aren’t always addressed in the DevSecOps process
WhiteSource today published its first ‘State of Open Source Vulnerabilities Management’ report. According to the WhiteSource research, the number of reported open source software (OSS) vulnerabilities rose by 61.2 percent last year. It also found that 96.8 percent of developers rely upon open source components, and 32 percent of the top 100 projects have at least one open source vulnerability. Meanwhile, the fourth Sonatype State of the Software Supply Chain report was also published this week and reveals just how widespread the use of vulnerable software components is.