OSS Sparks and Accelerates Innovation
Open-source software (OSS) reflects a broad and quickly evolving ecosystem of innovators who collaborate on a global scale. OSS offers individuals and organizations flexibility, control, and a cost-effective way to harness the power of this community. As such, usage of OSS has become extensive; in fact, a 2022 report by Synopsys reveals that 97% of audited codebases use OSS, with OSS comprising 78% of the code in those codebases. OSS is one of the main drivers contributing to the rise and widespread adoption of machine learning and artificial intelligence. The ubiquity of OSS is reflected in everything from searching the web to ordering a product on a smartphone.
Like All Software, OSS Carries Risk
Despite the many benefits of OSS, if organizations and users do not properly govern its usage or the environment in which it operates, security risks abound. Consider the Log4Shell vulnerability disclosed in 2021. This arbitrary code execution vulnerability, which impacted the popular Log4j logging library for Java, has a severity score of 10 out of 10 as assessed by the National Vulnerability Database (NVD). What made this Log4j vulnerability so dangerous is the combination of the ubiquity of the library and the ease of exploitation. As a result of these factors, the vulnerability wreaked great havoc while the community scrambled to mitigate it and patch affected applications and services.
While the Log4j maintainers were quick to identify, announce, and fix this vulnerability, the incident nevertheless demonstrates how OSS security risks can catch maintainers and users off guard and quietly sneak into their code. Indeed, Synopsys reports that 81% of the 2,409 audited codebases contain at least one known open-source vulnerability.
Anaconda Is Your OSS Security Ally
At Anaconda, security infuses our work. We start with maintaining our own public build recipes for each package. Then, we perform antivirus scanning on all software artifacts produced. With select offerings, we sign the packages and dependency metadata to add an extra layer of protection. To help our customers navigate the evolving and complex OSS vulnerability landscape, we also monitor security advisories pertaining to the packages we make available, and our tools facilitate the filtering of vulnerable packages.
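The last practice above, matching the packages in an environment against known advisories and filtering out the vulnerable ones, is the piece most teams can reproduce themselves. The script below is an added example written for this post, not Anaconda's own tooling: it parses a package listing in either `conda list` or `pip freeze` style, compares each version against an advisory's affected range, and reports the hits. The package names, versions and advisory identifiers are constructed placeholders, and the version comparison handles only numeric dotted releases (no pre-release or build tags), which is enough to show the mechanism.

```python
"""Filter an environment's package list against a set of advisories.

Added example for illustration, not Anaconda's own code. The advisories
and the package listing below are constructed; in practice the advisory
records would come from the security feeds a vendor monitors.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str            # first affected version (inclusive)
    fixed: Optional[str]       # first fixed version (exclusive); None = no fix yet
    advisory_id: str           # constructed placeholder id


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted numeric version such as '2.14.1' into (2, 14, 1).
    Parsing stops at the first non-numeric component, so '1.2rc1' -> (1, 2)."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def _padded(v: str, width: int) -> Tuple[int, ...]:
    """Right-pad with zeros so that '2.15' and '2.15.0' compare equal."""
    t = parse_version(v)
    return t + (0,) * (width - len(t))


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (or version >= introduced with no fix)."""
    candidates = [version, adv.introduced] + ([adv.fixed] if adv.fixed else [])
    width = max(len(parse_version(c)) for c in candidates)
    ver = _padded(version, width)
    if ver < _padded(adv.introduced, width):
        return False
    if adv.fixed is None:
        return True
    return ver < _padded(adv.fixed, width)


def parse_listing(text: str) -> Dict[str, str]:
    """Accept 'conda list' output (whitespace columns, '#' comments)
    or 'pip freeze' output ('name==version'); returns {name: version}."""
    pkgs: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "==" in line:                      # pip freeze style
            name, ver = line.split("==", 1)
        else:                                 # conda list style
            cols = line.split()
            if len(cols) < 2:
                continue
            name, ver = cols[0], cols[1]
        pkgs[name.strip().lower()] = ver.strip()
    return pkgs


def find_vulnerable(pkgs: Dict[str, str],
                    advisories: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (package, installed_version, advisory_id) for every match."""
    hits = []
    for adv in advisories:
        ver = pkgs.get(adv.package.lower())
        if ver is not None and is_affected(ver, adv):
            hits.append((adv.package, ver, adv.advisory_id))
    return hits


# Constructed sample data: fictional packages and placeholder advisory ids.
SAMPLE_ADVISORIES = [
    Advisory("fastparse", "1.2.0", "1.4.2", "ADV-EXAMPLE-001"),
    Advisory("imgcodec", "0.9.0", None, "ADV-EXAMPLE-002"),   # unfixed
    Advisory("netclient", "3.0.0", "3.0.5", "ADV-EXAMPLE-003"),
]

SAMPLE_LISTING = """\
# packages in environment at /opt/conda/envs/demo:
#
# Name                    Version                   Build  Channel
fastparse                 1.3.7           py311h0000000_0    defaults
imgcodec                  1.1.0           py311h0000000_0    defaults
netclient                 3.1.0           py311h0000000_0    defaults
python                    3.11.4               h0000000_0    defaults
"""


def report(listing: str = SAMPLE_LISTING,
           advisories: List[Advisory] = SAMPLE_ADVISORIES) -> List[Tuple[str, str, str]]:
    hits = find_vulnerable(parse_listing(listing), advisories)
    for name, ver, adv_id in hits:
        print(f"{name}=={ver} matches {adv_id}")
    return hits


if __name__ == "__main__":
    report()
```

Run against the constructed listing, the script flags `fastparse` (inside the affected range) and `imgcodec` (affected with no fix yet) and leaves `netclient` alone because its installed version is past the fix. Feeding it real `conda list` output and a real advisory feed is a matter of replacing the two constructed inputs; a production tool would also need to handle pre-release and build suffixes that this version parser deliberately ignores.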
Security should be top of mind for every individual and organization that adopts OSS. What is your OSS security policy? How do you enforce it? These are critical questions for all OSS users, and Anaconda wants to support you in answering them.
Help Anaconda Support Your OSS Security: Take Our Survey
Anaconda thrives on empowering our 30 million users with secure OSS. To help us do so, we invite you to take our anonymous OSS security survey so we can better understand your needs around setting up, using, and managing secure Python/R environments. We will use the aggregated survey results to build even better products.
The survey takes no more than 10 minutes to complete, and those who opt to share their contact information may enter a raffle for one of five $100 Amazon gift cards. The survey is open now and will run through March 3rd, 2023. Thanks so much in advance for helping us better serve the community!