Survey: Software left vulnerable

Three out of four organizations that build software applications either have failed to adopt policies to prevent the use of vulnerable software components or have neglected to ban even a single component to enforce existing policies, according to a new survey sponsored by Sonatype, of Fulton, a software supply chain management company, and venture capital firm New Enterprise Associates Inc. In the survey, three out of 10 respondents acknowledged that they either had, or suspect they had, a breach caused by an open source component within the last 12 months. The 2014 State of Open Source Development and Application Security Survey questioned more than 3,300 software developers, architects and application security professionals around the world.