Over the past few months, we have seen a raging debate about the security of open-source software.
With 99% of all commercial codebases containing open-source software, open source rules the world. Yet 74% of those codebases also contain at least one high-risk open-source vulnerability, according to the latest annual “Open Source Security and Risk Analysis” report by design automation company Synopsys.
At first glance, these numbers argue against using open-source software, but the truth is more complicated. As the report points out, the vulnerabilities found had a mean age of 2.8 years, and most affected components were 10 or more versions out of date. The problem is less that the code was open source and more that nobody updated it.
Code, it turns out, doesn’t age well and becomes a real problem when it isn’t continuously maintained, as every smartphone owner who keeps postponing a critical update can attest. Experts even have a name for it: technical debt, and it is all too often overlooked as a liability.
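The two figures the report leans on, versions behind the latest release and the age of the open vulnerabilities, are easy to measure in any project. The script below is an added example, not code from the article or from Synopsys: it audits a pinned lockfile against a release history and an advisory list. The package names, versions, advisories and dates are all constructed for the illustration and do not refer to real software.

```python
"""Measure dependency drift: how many versions behind each pinned component is,
and how old the vulnerabilities it still carries are."""
from dataclasses import dataclass, field
from datetime import date

# Constructed release history for hypothetical packages, any order is fine.
RELEASES = {
    "webframe": ["1.0.0", "1.1.0", "1.2.0", "1.3.0", "2.0.0", "2.1.0",
                 "2.2.0", "2.3.0", "2.4.0", "2.5.0", "3.0.0", "3.1.0"],
    "jsonlib": ["0.9.0", "1.0.0", "1.0.1"],
    "cryptoutil": ["4.2.0", "4.2.1"],
}

# Constructed advisories: (package, first fixed version, published, severity).
ADVISORIES = [
    ("webframe", "2.4.0", date(2021, 3, 15), "high"),
    ("webframe", "3.1.0", date(2023, 11, 2), "medium"),
    ("jsonlib", "1.0.1", date(2022, 6, 30), "high"),
]

# Constructed requirements-style lockfile with exact pins.
LOCKFILE = """\
# pinned by the build
webframe==1.1.0
jsonlib==1.0.1
cryptoutil==4.2.0
"""

TODAY = date(2024, 2, 20)  # fixed "now" so results are reproducible


def parse_version(v: str) -> tuple:
    """Dotted numeric version -> comparable tuple (the hypothetical packages only use this form)."""
    return tuple(int(part) for part in v.split("."))


def parse_lockfile(text: str) -> dict:
    """Return {name: pinned_version}; comments and blank lines are ignored, unpinned lines rejected."""
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version.strip():
            raise ValueError(f"unpinned requirement: {line!r}")
        pinned[name.strip().lower()] = version.strip()
    return pinned


@dataclass
class Finding:
    name: str
    pinned: str
    latest: str
    versions_behind: int
    # (severity, published, first fixed version) for each advisory still open on the pin
    open_advisories: list = field(default_factory=list)


def audit(lock_text: str, releases: dict, advisories: list) -> list:
    """Compare every pin against the release history and the advisory list."""
    findings = []
    for name, version in parse_lockfile(lock_text).items():
        if name not in releases:
            raise ValueError(f"no release history for {name!r}")
        history = sorted(releases[name], key=parse_version)
        if version not in history:
            raise ValueError(f"{name}=={version} is not a known release")
        behind = len(history) - 1 - history.index(version)
        open_adv = [
            (sev, published, fixed)
            for pkg, fixed, published, sev in advisories
            if pkg == name and parse_version(version) < parse_version(fixed)
        ]
        findings.append(Finding(name, version, history[-1], behind, open_adv))
    return findings


def summarize(findings: list, today: date) -> dict:
    """Roll findings up into the report-style headline numbers."""
    ages = [(today - pub).days for f in findings for _, pub, _ in f.open_advisories]
    return {
        "components": len(findings),
        "with_high_risk": sum(
            1 for f in findings if any(sev == "high" for sev, _, _ in f.open_advisories)
        ),
        "ten_plus_versions_behind": sum(1 for f in findings if f.versions_behind >= 10),
        "mean_advisory_age_days": (sum(ages) / len(ages)) if ages else 0.0,
    }


if __name__ == "__main__":
    results = audit(LOCKFILE, RELEASES, ADVISORIES)
    for f in results:
        print(f"{f.name}=={f.pinned}: {f.versions_behind} behind {f.latest}, "
              f"{len(f.open_advisories)} open advisories")
    print(summarize(results, TODAY))
```

On the constructed input, `webframe` is pinned ten releases behind and still carries a high-severity advisory published almost three years before the audit date, which is exactly the pattern the report describes; `jsonlib` sits on the fixed version, so its advisory is closed. Running the same audit on a real lockfile needs a real release and advisory feed in place of the embedded dictionaries.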
So, how did we get to the point that the vast majority of our systems contain years-old vulnerabilities, and what can we do to fix those? Join me at the Forbes Technology Council to find out!