
Synopsys : Report highlights security risk of open source code to business

05/19/2018 | 10:52am CEST

Most software includes known vulnerabilities and licence conflicts as open source adoption soars, a report has revealed.

The Black Duck by Synopsys report is based on analysis of anonymised data from more than 1,100 commercial codebases audited in 2017 across nine industry sectors, including automotive, cyber security, financial services and healthcare.

The 2018 Open source security and risk analysis (OSSRA) report highlighted a substantial uptick in open source adoption, with 96% of the applications scanned containing open source components.

The data also showed that the average number of open source components found per codebase (257) grew by 75% compared with the previous year, with many applications containing more open source than proprietary code.

The report said it was worrying that 78% of the codebases examined contained at least one open source vulnerability, with an average of 64 vulnerabilities per codebase.

More than 54% of the vulnerabilities found in audited codebases are considered high-risk vulnerabilities.

A third of the audited codebases that contained Apache Struts also had the vulnerability that resulted in the Equifax breach, while 17% contained a highly publicised vulnerability such as Heartbleed, Logjam, Freak, Drown or Poodle.

Since modern software and infrastructure depend heavily on open source technologies, having a clear view of components in use is a key part of corporate governance, said Tim Mackey, technical evangelist at Black Duck by Synopsys.

The report clearly demonstrates that with the growth in open source use, organisations need to ensure they have the tools to detect vulnerabilities in open source components and manage whatever licence compliance their use of open source may require.

Open source vulnerabilities wide reaching

Vulnerable open source components were found in applications in every industry. The internet and software infrastructure vertical had the highest proportion, with 67% of applications containing high-risk open source vulnerabilities.

Ironically, the report said 41% of the applications in the cyber security industry were found to have high-risk open source vulnerabilities, putting that vertical at fourth highest risk.

The report showed that organisations were allowing a growing number of vulnerabilities to accumulate in their codebases. On average, the vulnerabilities identified in the audits had been disclosed nearly six years earlier.

When Equifax was breached through the Apache Struts vulnerability, the need for open source security management became front-page news, said Evan Klein, the Black Duck product marketing manager responsible for the OSSRA report.

Yet even though it was disclosed in March 2017, many organisations apparently still have not checked their applications for the Struts vulnerability.

Software licence conflicts rife

Based on the findings, 74% of the codebases audited also contained components with licence conflicts, the most common of which were general public licence (GPL) violations.

The percentage of applications with licence conflicts in verticals ranged from the retail and e-commerce industry's relative low of 61% to the high of the telecommunications and wireless industry, where 100% of the code scanned had some form of open source licence conflict.

As the codebase landscape changes, the report said an organisation's application security programme also needs to evolve to continue to be effective.

According to the report, no single technique can find every vulnerability, so in addition to static and dynamic code analysis, organisations need to ensure that software composition analysis (SCA) is in their application security toolbelt.

With the addition of SCA, organisations can effectively detect vulnerabilities in open source components as they manage whatever licence compliance their use of open source may require, the report said.

By integrating policies, processes and automated solutions into the software development lifecycle to identify, manage and secure open source, the report said organisations could maximise the benefits of open source, while effectively managing its vulnerability and licence risks.

(c) Sabanews.net 1999 - 2018 Provided by SyndiGate Media Inc. (Syndigate.info)., source Middle East & North African Newspapers
