A quarter of organizations have suffered a breach related to their application development process over the past year, with most of these coming via open source components, according to Sonatype. The DevOps automation firm’s 2020 DevSecOps Community Survey is based on responses from 5045 software professionals around the world.
It revealed that 21% of the 24% of responding organizations that reported a breach over the past 12 months linked it to use of third-party components. These are incredibly popular among DevOps practitioners as they help to speed the release of new products, although they can also contain vulnerabilities and sometimes malware.
[Source: Infosecurity Magazine]