Synopsys conducted a study of 128,782 software applications which shows that almost fifty percent are old.
“Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits,” Synopsys Software Integrity Group general manager Andreas Kuehlmann said in a statement. “The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”
The survey also showed that some of the vulnerability dates back to 1999.
“Coming on the heels of last month’s WannaCry outbreak, the insights in the report serve as a wake-up call that not everyone is using the most secure version of the available software,” Synopsys security strategist Robert Vamosi said. “The update process does not end at the time of software release, and an ongoing pattern of software updates must be implemented throughout the product lifecycle.”
“As new CVEs are disclosed against open source software components, developers need to know whether their products are affected, and organizations need to prevent the exploit of vulnerabilities with the latest versions when they become available,” Vamosi added.
Vanson Bourne survey mentioned that companies are not up to date considering patches and new versions. Half of the user mentioned that they have to bring a team for patches or to deal with a security issue.
“We can see with the recent WannaCry outbreak — where an emergency patch was issued to stop the spread of the worm — that enterprises are still having to paper over the cracks in order to secure their systems,” Bromium CTO and co-founder Simon Crosby said in a statement. “The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences.”
“WannaCry has certainly shined a spotlight on a problem that has plagued enterprises for years,” Crosby added. “It is simply impractical to expect enterprise organizations to continually upgrade — even when they have licenses, the actual deployment creates huge disruption, or in some instances would require an entire hardware refresh and result in huge upfront capital costs.”
____________________________________________________________________________________________
Alertsec helps you comply with HIPAA, PCI and SOX requirements.