{"id":2907,"date":"2017-06-09T14:31:38","date_gmt":"2017-06-09T14:31:38","guid":{"rendered":"https:\/\/www.openbusinesscouncil.org\/?p=2907"},"modified":"2020-02-27T09:31:57","modified_gmt":"2020-02-27T09:31:57","slug":"synopsys-research-highlights-pervasive-use-outdated-insecure-third-party-software-components","status":"publish","type":"post","link":"https:\/\/www.footballthink.com\/synopsys-research-highlights-pervasive-use-outdated-insecure-third-party-software-components\/","title":{"rendered":"Synopsys Research Highlights the Pervasive Use of Outdated and Insecure Third-Party Software Components"},"content":{"rendered":"

Synopsys Research Highlights the Pervasive Use of Outdated and Insecure Third-Party Software Components
Analysis of More Than 120,000 Applications Found that Half of Third-Party Software Components in Use Are Outdated
LONDON, UK. June 9, 2017 – Synopsys, Inc. (Nasdaq: SNPS) today released its report, “The State of Software Composition 2017,” which analysed real-world data to investigate the security of the software supply chain, one of the most significant challenges the software industry faces today. The report summarises the analysis of 128,782 software applications, which identified 16,868 unique versions of open source and commercial software components containing almost 10,000 unique security vulnerabilities.
Synopsys used its software composition analysis product, Protecode™ SC, to analyse applications scanned from January 1, 2016 through December 31, 2016. Of the third-party software components identified through the analysis of these applications, nearly 50 percent were more than four years old, and in almost every case a newer, more secure version of the software component is available.
“By analysing large data sets and identifying trends and problem areas, we are able to provide the software development community with valuable intelligence to help them keep their software secure and up to date,” said Andreas Kuehlmann, senior vice president and general manager for the Synopsys Software Integrity Group. “Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits. The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”
The research on which the report is based represents a cross section of software including mobile, desktop and web applications, as well as firmware and embedded software from a variety of industries. The report includes information on the most commonly observed third-party software components, the Common Vulnerabilities and Exposures (CVE) known to affect these components, the 10-point Common Vulnerability Scoring System (CVSS) rank for CVE and the Common Software Weaknesses (CWE) used to classify them.
Other key findings include: