"Open-Source Vulnerabilities Add to Security Debt"

Mend found and added 33 percent more open-source vulnerabilities to its database in the first nine months of 2022 than it did in the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the accelerating rate at which vulnerabilities are disclosed. As organizations continue to rely heavily on their applications for success, this escalating threat is a rising cause for concern. The report's representative sampling of over 1,000 North American organizations from January to September 2022 revealed that just 13 percent of vulnerabilities were remediated, compared to 40 percent remediated by those using current application security best practices. Because open-source code is used in 70 to 90 percent of applications today, more businesses are becoming susceptible to attacks as threat actors exploit this remediation gap. As security debt continues to climb, it is essential to find a way to prioritize the vulnerabilities that pose the greatest risk in order to avoid falling victim to an attack, according to Jeffrey Martin, vice president of product management at Mend. Remediation tools that can evaluate and prioritize the vulnerabilities with the greatest potential impact on systems are a crucial component of managing security debt. To achieve successful prioritization and remediation, organizations must also consider the exploitation context of vulnerabilities, both individually and in combination with others, in addition to their severity details. While companies patch thousands of vulnerabilities each month, preventing a growing backlog requires remediation best practices that keep pace with the continual stream of newly found vulnerabilities. This article continues to discuss the growth in open-source vulnerabilities and how to remediate them.

Help Net Security reports "Open-Source Vulnerabilities Add to Security Debt"
