The implementation of a trusted domestic

relemedf5w023
Posts: 407
Joined: Sun Dec 22, 2024 7:14 am

Post by relemedf5w023 »

While continuing to hope for improved relations with the world's leading economies, we should still think about possible less positive scenarios and, accordingly, do everything possible to minimize the risks of their occurrence. For now, for large companies, government organizations and governing bodies, MDM/EMM seems to be the first thing worth doing in anticipation of an advanced domestic operating system, a domestic development environment, a domestic application store, domestic hardware and the willingness of our compatriots to consume it...

Black Duck: Open Source Risks to Business Security Are Growing
The growing prevalence of open source code increases the risk of introducing vulnerabilities into commercial software. As TechTarget reports, citing research from Black Duck, the Apache Struts vulnerability that allowed attackers to penetrate Equifax's network has been discovered in many code bases.

The 2018 Open Source Security and Risk Analysis (OSSRA) study, conducted by Black Duck by Synopsys, is based on an analysis of anonymized data from more than 1,100 commercial codebases across nine industries, including automotive, cybersecurity, financial services, and healthcare, that were audited.

Due to the proliferation of open source code, the bulk of the software contains known vulnerabilities and licensing terms are violated, the report says.

The study found a significant increase in open source adoption. 96% of the apps scanned contained open source components. On average, the number of such components in the 257 code bases increased by 75% compared to the previous year. Many apps contained more open source than proprietary code.

78% of code bases contain at least one open source vulnerability, with an average of 64 per code base. Over 54% of vulnerabilities found are high risk.

One-third of the audited codebases that contained Apache Struts also contained the vulnerability that allowed the Equifax network to be compromised, and 17% contained widely publicized vulnerabilities such as Heartbleed, Logjam, Freak, Drown, or Poodle.

“With modern software and infrastructure relying heavily on open source technologies, having a clear view of the components being used is a critical element of enterprise governance,” said Black Duck technical evangelist Tim Mackey. “Our report clearly demonstrates that as open source usage increases, organizations should ensure they have the tools to identify vulnerabilities in open source components and manage compliance with any licensing terms that open source use may require.”