The widespread adoption of open source components to power enterprise applications has no doubt helped organisations increase their efficiency, but a lack of oversight over security credentials of such components is seriously endangering organisations' cyber security.
Last year, in an expert opinion published by TEISS, Derek Weeks, VP and DevOps Advocate at Sonatype, said that the adoption of open source components by the software industry flew in the face of Cyber Security by Design, a concept championed by the government to ensure companies were introducing cyber security in their products at the design stage in order to make the practice of building security into their devices less complicated.
"Shipping known vulnerable software components in one’s product in any other manufacturing industry would be considered gross negligence. Connected toys and smartwatches, however, are only the tip of the iceberg. No other manufacturing industry is permitted to ship known vulnerable or defective parts in their products. Why should software manufacturers be any different?" he wrote.
"If we factor in products such as connected pacemakers and driverless cars, this turns into a life or death situation. This isn’t even taking into account the increasingly connected nature of heavy manufacturing and utilities - industries that affect everyday life and have a huge impact on everyone no matter who they are or where they work," Weeks added.