SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Open source software challenges predicted to continue in 2025

Sun, 5th Jan 2025

Endor Labs' Chief Security Advisor, Chris Hughes, has predicted continued challenges in open source software (OSS) adoption and security in the year 2025.

According to Hughes, organisations will persist in embracing OSS while simultaneously facing increasingly sophisticated attacks from malicious actors. "We will continue to see widespread open source software (OSS) adoption coupled with increasingly sophisticated attacks on OSS by malicious actors. Organisations will continue trying to get foundational OSS governance in place, and leverage open source and commercial tools to help them start to understand their OSS consumption as well as make more risk-informed consumption of OSS."

Hughes highlighted the ongoing tension between enterprises and vendors over transparency regarding OSS usage. "Enterprises will continue pushing for transparency from vendors regarding what OSS they use in their products, but the tug of war will go on, with no widespread mandates driving change, leaving organisations to fend for themselves when it comes to OSS governance and security."

The issue of information overload in application security (AppSec) will persist in 2025, as Hughes explained. "Signal through noise will continue to be the name of the game for AppSec in 2025. Organisations are drowning in noise, findings, alerts and notifications. They are in desperate need of context and are looking for tools to not just provide insights around exploitation, exploitability, and reachability for better prioritisation, but to take it a step further and move towards remediation and solutions that help not just find, but fix problems. 2024 is another year of record vulnerability and CVE growth, and modern solutions are needed more now than ever."

Hughes also discussed the increasing role of artificial intelligence (AI) in the realm of AppSec and open source software. He stated, "We will see the continued intersection of AI, AppSec and open source – from malicious actors targeting open source models, the communities and platforms that host them, and organisations looking to leverage AI to address code analysis and remediation. Increasingly, we will see widely used OSS AI libraries, projects, models and more targeted as part of supply chain attacks on the OSS AI community."

Commercial AI vendors, Hughes warned, are also susceptible to these threats due to their extensive use of OSS. "Commercial AI vendors are not immune either, as they are large consumers of OSS but often aren't transparent with customers and consumers regarding what OSS they use."

Endor Labs helps Security and DevOps teams build secure applications without the productivity tax associated with traditional security and compliance obligations, the company states. It offers solutions for secure open-source code, secure repositories and pipelines, and AppSec compliance requirements.
