Snyk has released the results of its annual open source security report, which saw a decrease in the number of open source vulnerabilities as well as a slight shift in security mindset as organizations begin to embrace “core elements of DevSecOps.”
Specifically, when asked who should be responsible for designing and implementing security controls in their software (with multiple answers allowed), 85 percent of respondents said developers, 55 percent said security teams, and 35 percent said operations. In contrast, fewer than 30 percent of last year’s respondents felt that security or operations teams had a role to play.
“This year’s report is very encouraging as we are seeing the volume of open source vulnerabilities trending down for the first time in four years. In addition, there are positive trends emerging around the collaboration of development, security and operations teams to address the growing demand for secure application development,” said Alyssa Miller, Application Security Advocate, Snyk.
Additional findings include:
- Expansion of open source ecosystems, led by npm, which grew more than 117 percent in 2019 and spans over 1.3 million packages.
- An almost 20 percent decrease in new vulnerabilities across the most popular ecosystems in 2019.
- The majority of open source vulnerabilities continue to be discovered in indirect dependencies.
Read more and download the report from the Snyk website.