The number of new vulnerabilities in open source packages was down by 20% compared to last year, suggesting cybersecurity efforts are progressing, according to a report from developer-first security platform Snyk.
The findings appear in Snyk's annual State of Open Source Security Report for 2020, which takes a deeper look at the vulnerability- and ecosystem-level trends that shape the overall security posture of organisations.
Snyk stated that well-known vulnerabilities such as cross-site scripting are still being reported, but are not affecting as many projects as before.
Across the six ecosystems examined by the report, Snyk found fewer new vulnerabilities reported in 2019 than in 2018.
The report states that the vulnerability affecting the most scanned projects is prototype pollution, which was found in 27% of projects.
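Prototype pollution, as an added illustration that is not part of the report or this article: a naive recursive merge of the kind found in many utility libraries, which can be made to write onto `Object.prototype`, beside a hardened version that skips the keys reaching the prototype chain. The merge functions, the `pollutes` check and the crafted payload are constructed for this example.

```javascript
// Vulnerable: walks every enumerable key of the source, including "__proto__".
// Because target["__proto__"] resolves to Object.prototype, a crafted input
// such as {"__proto__": {"polluted": true}} writes onto every object.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value && typeof value === "object") {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: only own keys are copied, keys that reach the prototype chain are
// rejected, and nested targets are created unless they are own properties.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === "object") {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed check: merge a crafted payload with the given function and report
// whether an unrelated fresh object now carries the injected property.
function pollutes(mergeFn) {
  const payload = JSON.parse('{"__proto__": {"polluted": true}}');
  mergeFn({}, payload);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // reset so later checks start clean
  return leaked;
}

console.log("unsafeMerge pollutes:", pollutes(unsafeMerge)); // true
console.log("safeMerge pollutes:", pollutes(safeMerge));     // false
```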
Snyk application security advocate Alyssa Miller said, “This year’s report is very encouraging as we are seeing the volume of open source vulnerabilities trending down for the first time in four years. In addition, there are positive trends emerging around the collaboration of development, security and operations teams to address the growing demand for secure application development.
“Despite the year-over-year progress, we must continue to prioritize security and empower organizations to implement programs to help drive DevSecOps and developers to be involved in securing their code from the very beginning. We need to focus on continuing these efforts to ensure these emerging trends continue on this positive trajectory in 2021 and beyond.”
Copyright © 2018 RegTech Analyst