Climate change is the defining issue of our time. The 50 Sustainability Climate Leaders project by TBD Media is the response from the International Business Community demonstrating the desire, the leadership, and the will to take effective action in the fight against Climate Change. With businesses aligned to the United Nations Sustainable Development Goals, the hosts of the campaign, TBD Media, aim to inspire other businesses, corporations and their leaders and discover new ways of operating and spearheading a positive impact. Amongst some of the largest and most powerful companies worldwide, the Nemetschek Group has been invited to participate in the project to represent the building industry.
“The construction industry is lagging behind in terms of efficiency and productivity, but there are ways to change this to realize a more sustainable built world,” says Dr Axel Kaufmann, Spokesman of the Executive Board and CFOO at the Nemetschek Group. “We are honored to show - as one of the 50 Sustainability & Climate Leaders - how digital solutions can significantly increase efficiency and thus sustainability in the construction industry.”
The Nemetschek approach: Offering state-of-the-art software solutions that increase efficiency, productivity and sustainability along the entire construction lifecycle, from design to build to manage. See the Nemetschek Group video at "The Solutions that are building a greener future" and all 50 Sustainability and Climate Leaders videos on https://www.50climateleaders.com/.
Synopsys Study Shows Open Source Security Top-of-Mind but Patching Too Slow
08 December 2020
Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020. Produced by the Synopsys Cybersecurity Research Center (CyRC), the report highlights the findings from a survey of 1,500 IT professionals working in cyber security, software development, software engineering, and web development. The report explores the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
Open source plays a critical role in today's software ecosystem. The overwhelming majority of modern codebases contain open source components, with open source often comprising 70% or more of the overall code. Yet paralleling the growth of open source use is the mounting security risk posed by unmanaged open source. In fact, according to the 2020 OSSRA report, 75% of the codebases audited by Synopsys contain open source components with known security vulnerabilities. To combat this situation, respondents to the survey cite identification of known security vulnerabilities as the number one criterion when vetting new open source components.
"It's clear that unpatched vulnerabilities are a major source of developer pain, and ultimately business risk," said Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center. "The 'DevSecOps Practices and Open Source Management in 2020' report highlights how organizations are struggling to effectively track and manage their open source risk."
"Over half—51%—say it takes two to three weeks for them to apply an open source patch," Mackey continued. "This is likely tied to the fact that only 38% are using an automated software composition analysis (SCA) tool to identify which open source components are in use and when updates are released. The remaining organizations are probably employing manual processes to manage open source—processes that can slow down development and operations teams, forcing them to play catch-up on security in a climate where, on average, dozens of new security disclosures are published daily."
Other noteworthy findings in the "DevSecOps Practices and Open Source Management in 2020" report include:
DevSecOps is rapidly growing worldwide. A combined 63% of respondents reported that they are incorporating some measure of DevSecOps activities into their software development pipelines.
There is no universally adopted application security testing (AST) tool. As the responses to the survey questions indicate, there is no shortage of application security testing tools and techniques. However, even the AST tool with the highest adoption rate is still only utilized by less than half of respondents.
The media plays an important role in open source risk management. Forty-six percent of respondents noted that media coverage had prompted their organization to apply more stringent controls on open source usage.
Forty-seven percent of respondents are defining standards around the age of open source components they use. A growing issue in the open source community is project sustainability. A 2020 Synopsys study showed that 91% of codebases audited in 2019 contained open source components that either were more than four years out of date or had no development activity in the past two years. Security risks increase when obsolete code is deployed, including the threat of an open source component being hijacked. Such a situation occurred in 2018 when the event-stream component was hijacked to target Bitcoin in Copay accounts.
To learn more, download a copy of the DevSecOps Practices and Open Source Management in 2020 report.