New Study Finds 75% of Open Source Codebases Have Vulnerabilities

August 24, 2020 Timothy Chiu, VP of Marketing

The 2020 Open Source Security and Risk Analysis (OSSRA) report from Synopsys examined audit data from more than 1,250 commercial codebases to see how organizations are using open source code.

Some of the key findings from the study included:

  • 99% of the codebases audited included open source code components
  • 75% of codebases contained vulnerabilities
  • 49% of codebases contained high-risk vulnerabilities
  • 82% of codebases had components more than 4 years out of date

The results are troubling because applications built on open source, third-party and legacy code inherit the vulnerabilities of those components, and the study shows how common, how severe and how stale those components are.

Organizations may feel pressure to lean on open source code: the COVID-19 pandemic has forced many workers to work from home, which has required updates to many applications, and the pressure to release code as soon as possible has never been greater. With more open source code in applications, it is more important than ever to protect the applications that are running in production while the vulnerable components are being remediated.


K2 Cyber Security helps security teams with runtime application security that uses deterministic detection to catch new zero-day attacks with minimal false positives. K2 protects applications that contain vulnerabilities, ranks alerts by severity, and makes each alert actionable with full visibility into the attack and the vulnerability it targets, including the location of the vulnerable code within the application (file name and line number), to reduce the time to remediation.

The K2 Cyber Security Platform serves two use cases: additional visibility during pre-production (development) penetration testing, and runtime protection for applications in production. For the second use case, K2 detects true zero-day attacks while generating minimal false positives and alerts. Rather than relying on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach that is not limited to attacks matching prior attack knowledge. Deterministic security validates application execution: it verifies that the application's API calls behave the way the code intended, so it needs no prior knowledge of the attack or of the underlying vulnerability, which is what allows it to detect new zero-day attacks. The technology has 8 patents granted or pending and produces minimal false alerts.

Change how you protect your applications, and check out K2’s application workload security solution.

Find out more about K2 today by requesting a demo, or get your free trial.

