Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 28 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Synopsys Research highlights the Pervasive Use of Outdated and Insecure Third-Party Software

by The Gurus
June 16, 2020
in Editor's News
Share on FacebookShare on Twitter

Synopsys, Inc. have today released ‘The State of Software Composition 2017’ report, following their recent investigation into the security of the software supply chain- arguably one of the most significant challenges the software industry is currently facing.
Using their own software composition analysis product, Protecode™ SC,  Synopsys analysed real-world data, over a 12-month period (Jan 1st 2016- Dec 1st 2016). The report details the analysis of 128,782 software applications, subsequently revealing 16,868 unique versions of open source and commercial software components- containing close to 10,000 unique security vulnerabilities.
As Andreas Kuehlmann, senior vice president and general manager for the Synopsys Software Integrity Group explains “By analysing large data sets and identifying trends and problem areas, we are able to provide the software development community with valuable intelligence to help them keep their software secure and up to date”. He added, “Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits. The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”
The research represents a variety of software including mobile, desktop and web applications, as well as firmware and embedded software from a variety of industries.  The report also details information on commonly observed 3rd party software components, the Common Vulnerabilities and Exposures (CVE) known to affect these components, the 10-point Common Vulnerability Scoring System (CVSS) rank for CVE and the Common Software Weaknesses (CWE) used to classify them
Other notable findings detailed in the report include:

  • 45 percent of the total 9,553-specific CVEs date back to 2013 or earlier
  • The Heartbleed bug still appears in the top 50 percent of all CVEs observed, even though a patch has been available since 2014
  • The oldest CVE dates back to 1999
  • The top 10 most common software components with outdated versions still being used more than 90 percent of the time include: Curl, Dropbear, Expat, libjpeg-turbo, libjpeg, libpng Linux Kernal, Lua, OpenSSL, and Pcre; if they are not updated, these software components may leave products vulnerable

Discussing the clear relevance of the report, Robert Vamosi, security strategist at Synopsys explains “coming on the heels of last month’s WannaCry outbreak, the insights in the report serve as a wakeup call that not everyone is using the most secure version of available software”. He added, “The update process does not end at the time of software release, and an ongoing pattern of software updates must be implemented throughout the product lifecycle. As new CVEs are disclosed against open source software components, developers need to know whether their products are affected, and organisations need to prevent the exploit of vulnerabilities with the latest versions when they become available.”
Download the full report here.

FacebookTweetLinkedIn
Tags: CybercybercrimeMalwareResearchSoftwaresynopsyswannacry
ShareTweet
Previous Post

Sport subjected to the same type of cyber attacks – Lord Sebastian Coe

Next Post

Dvmap: Android Malware with a New Technique for Controlling Devices appears on Google Play

Recent News

software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023
ICS Reconnaissance Attacks – Introduction to Exploiting Modbus

ICS Reconnaissance Attacks – Introduction to Exploiting Modbus

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information