Today, 70 to 90 percent of applications employ open source code, leaving more businesses susceptible to attack as threat actors take advantage of the remediation gap.
The number of open source vulnerabilities that Mend discovered and added to its vulnerability database in the first nine months of 2022 was 33% higher than in the same period of 2021, reflecting both the acceleration in vulnerability disclosures and the growth in the number of published open source packages. This expanding exposure is a significant problem as organisations continue to rely heavily on their applications for success.
According to the report's representative sample of 1,000 North American organisations from January to September 2022, just 13% of vulnerabilities were patched, compared to 40% among those who used contemporary application security best practices.
Even when businesses patch tens of thousands of vulnerabilities each month, it takes contemporary remediation best practices to handle the constant stream of newly discovered vulnerabilities and stop the vulnerability backlog from growing.
The surge in open source software vulnerabilities outpaces the estimated 25 percent growth in available open source software. Because apps are the backbone of the global economy, prioritisation and remediation tooling, together with routine application security scanning, are crucial.
Malicious package attacks are also becoming more prevalent. Mend data reveals a consistent quarterly rise in malicious package publications, which increased by 79% between Q2 and Q3 of 2022. Each day, the npm and RubyGems package registries received at least 10 malicious packages. In addition, more packages now include telemetry that permits data collection, and some of these are integrated into supply chains, as in the case of legitimate packages that depend on malicious code.