This post was originally published on InfoWorld.
Recent reports have thrown the spotlight back on the thorny issue of inherited software vulnerabilities. Many don’t realize how widespread the problem is within the software supply chain, and how many businesses are at risk. Here, we’ll dive into this increasingly damaging problem, and explain how WebAssembly’s component model will offer a progressive path forward.
SBOM: Recognizing the cost of free
We are all familiar with infamous vulnerabilities such as Log4shell (CVE-2021-44228) in Log4j. To put the damage in context: by one estimate, operations ground to a halt at 40% of global businesses when a flaw in a ubiquitous logging library let attackers take over critical systems with nothing more than a single crafted string that the library logged. With IBM putting the average cost of a single Log4j breach at $4.62 million, and remediation consuming 12% of operational resources, the impact is huge.
Despite industry-wide efforts to develop policies, practices, tooling, and education around open source security, spearheaded by the Open Source Software Security Foundation (OpenSSF), research shows that more than 70% of companies remain vulnerable to Log4shell. That figure shows how pervasive inherited vulnerabilities are, and how hard they are to eradicate once they have spread through the dependency tree.
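One reason Log4shell lingers is that log4j-core rarely appears as a direct dependency; it arrives several levels down, pulled in by some framework or starter. An SBOM is the practical way to find it. The script below is an added example (not code from the InfoWorld article or from any SBOM tool): it walks a CycloneDX JSON SBOM, descends into nested components, and flags every log4j-core whose version falls in the range Apache lists as affected by CVE-2021-44228 (2.0-beta9 up to, but not including, 2.15.0, with the security backports 2.12.2, 2.12.3 and 2.3.1 excluded). The SBOM it scans is a constructed sample; the component names and versions in it are invented for illustration.

```python
"""Flag log4j-core versions affected by CVE-2021-44228 in a CycloneDX JSON SBOM.

Added example. SAMPLE_SBOM is a constructed document, not a real project's SBOM.
"""
import json
import re

# Affected range per the Apache Log4j security advisory for CVE-2021-44228.
# Later advisories recommend moving beyond 2.15.0 as well; this check covers
# only the original Log4shell range.
AFFECTED_LOW = "2.0-beta9"
FIXED_IN = "2.15.0"
SAFE_BACKPORTS = {"2.12.2", "2.12.3", "2.3.1"}

_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}


def parse_version(v):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple.

    A pre-release ('2.0-beta9') sorts below the matching release ('2.0').
    """
    main, _, pre = v.partition("-")
    nums = [int(p) for p in main.split(".")]
    nums += [0] * (3 - len(nums))
    if pre:
        m = re.match(r"([A-Za-z]+)(\d*)$", pre)
        tag, num = (m.group(1).lower(), int(m.group(2) or 0)) if m else (pre.lower(), 0)
        pre_key = (0, _PRE_RANK.get(tag, 3), num)
    else:
        pre_key = (1, 0, 0)
    return tuple(nums) + pre_key


def is_log4shell_affected(version):
    """True if this log4j-core version is in the CVE-2021-44228 affected range."""
    if version in SAFE_BACKPORTS:
        return False
    v = parse_version(version)
    return parse_version(AFFECTED_LOW) <= v < parse_version(FIXED_IN)


def iter_components(components, path=()):
    """Yield (path, component) for each component, descending into nested ones.

    The path records how the component was inherited, e.g.
    ('app@1.0', 'starter@2.0', 'log4j-core@2.14.1').
    """
    for c in components:
        here = path + (f"{c.get('name')}@{c.get('version')}",)
        yield here, c
        yield from iter_components(c.get("components", []), here)


def find_vulnerable_log4j(sbom):
    """Return the dependency paths of every affected log4j-core in the SBOM."""
    hits = []
    for path, c in iter_components(sbom.get("components", [])):
        if c.get("group") == "org.apache.logging.log4j" and c.get("name") == "log4j-core":
            if is_log4shell_affected(c.get("version", "")):
                hits.append(" -> ".join(path))
    return hits


# Constructed sample SBOM: one service inherits log4j-core 2.14.1 through a
# logging starter, a legacy module carries the 2.12.2 backport, and a third
# component is already on 2.17.1.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "application", "name": "orders-service", "version": "3.2.0", "components": [
      {"type": "library", "group": "com.example", "name": "logging-starter", "version": "1.8.0",
       "components": [
         {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",  "version": "2.14.1"},
         {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"}
       ]}
    ]},
    {"type": "application", "name": "legacy-batch", "version": "1.0.0", "components": [
      {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.12.2"}
    ]},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1"}
  ]
}
""")

if __name__ == "__main__":
    for hit in find_vulnerable_log4j(SAMPLE_SBOM):
        print("AFFECTED:", hit)
```

Only the transitive 2.14.1 under orders-service is reported; the 2.12.2 backport and 2.17.1 pass. The caveat is that a scan like this is only as good as the SBOM: a shaded or fat JAR that bundles log4j classes without their Maven metadata will not show up as a log4j-core component, so a manifest-derived SBOM can report a clean tree while the vulnerable classes are still on the classpath.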
Even in a “normal” operating state, developers are crushed by the compliance and operational burdens of application development.