Critically Vulnerable Open Source Code Found in COTS Apps
August 24, 2021
Video interview with Michael Sampson
On August 4, Osterman Research released a software supply chain study based on data collected by GrammaTech’s Code Sentry software supply chain testing product. Analysis of that data found that 100% of commercial applications that use open source components contain vulnerabilities within those components, and that 85% of the browser, email, file sharing, online meeting and messaging products tested had at least one critical vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10.0, the highest possible.
In this video interview, Michael Sampson, Senior Analyst at Osterman Research and author of the report, discusses his findings and offers advice on how to avoid some of the pitfalls of open source.
A complete copy of the report is available here. GrammaTech and Osterman Research will also host a related webinar, Exposing Software Supply Chain Security Blind Spots, which reveals more research findings, on Sep 15 at 2:00 pm EDT. Register here.