Warning issued about risks of open source software

Published: Friday, 16 October 2015 06:45

Enterprises across all industries are increasingly using open source software to reduce development costs and accelerate time to market. Yet thousands of open source security vulnerabilities are reported every year, and 98 percent of companies are unaware of the extent and the licensing requirements of the open source code they are using. Additionally, 67 percent of companies do not monitor their open source code for security vulnerabilities, says Ian Kilpatrick, chairman of Wick Hill Group.

“Because companies today lack visibility into open source code usage and licensing in their organizations,” said Kilpatrick, “they are open to security attacks, compliance issues, and legal action. Heartbleed, ShellShock and other major security bugs attacked through open source vulnerabilities, so it’s a crucial issue.”

Kilpatrick was speaking at the announcement that Wick Hill has been appointed value added distributor for Black Duck Software in the UK and the DACH (Germany, Austria and Switzerland) region. Black Duck is a US-based worldwide vendor whose industry-leading products secure and manage open source software.

“The advent of the Internet of Things has seen enterprise IT infrastructure shifting from hardware to software. As a result, more and more companies are moving towards open source solutions,” said Kevin Bland, director of channels and alliances at Black Duck Software.

“However, the majority of companies using open source software will acknowledge that they don’t know what open source code they have, where it’s located, or if it has known security vulnerabilities,” he added.