October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a joint effort between government and industry to raise awareness about cyber threats. This year, NCSAM highlights three areas where cyber security protections (or vulnerabilities) affect everyday Americans: citizen privacy, consumer devices, and e-commerce.

Open Source Components Affect the Security of All Consumers

A common thread in all of these consumer-facing security priorities are the building blocks of software: open source components. As developers and others in tech know, open source use is skyrocketing. Our research this year shows exponential growth in open source use. For example, in 2018, download requests for Java components grew 68% year over year to 146 billion. Downloads of npm packages reached 10 billion per week — equating to a 185% year over year.

The volume of open source component downloads mirrors the multitude of benefits they offer. Notably, component use allows for faster software production, and ultimately, faster rates of innovation as components are combined and expanded in novel ways.

BillionsJavaDownloadsHowever, the power of OSS does not come without also introducing significant risk. Open source projects have vulnerabilities. In fact, last year 51% of JavaScript packages downloaded had a known vulnerability and 10% of Java packages had a known vulnerability. Or, components could be maliciously attacked by bad actors, compromising any applications that depend on those projects.

Sonatype’s Nexus platform safeguards software supply chains around the globe. Protecting the integrity of open source software requires us to follow emerging cyber security threats, anticipate  future trends, and most importantly: develop next-generation software to combat malicious intent.

Open Source Software Underpins Everything

NCSAM is right to highlight citizen privacy, consumer devices, and e-commerce this year.

Consumers are increasingly more aware of privacy issues, especially as the world community is adjusting to GDPR, (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: