
Four upgrades per year is best development practice, says Sonatype survey

22 July 2019
Survey says frequent upgrades will make code more secure

Development teams should aim for a minimum of four releases every year, upgrading at least 80% of their dependencies with each release, according to research by Maryland-based software company Sonatype. 

The findings were published in Sonatype’s latest State of Software Supply Chain survey, which also found respondents reporting a 71% increase in open source breaches over the past five years. The survey is designed to establish best practices exhibited by open source software projects and commercial application development teams, and analyses the supply and consumption of open source components. 

From the research, Sonatype concluded that a higher frequency of dependency updates statistically results in more secure code, hardening components against attacks on the software supply chain. This is especially important, according to Sonatype, because adversaries are now taking advantage of an attack vector whereby vulnerabilities can be injected directly into open source project releases. These attacks are particularly high-risk for financial services: when malicious code infiltrated the build chain of the cryptocurrency wallet Agama in June 2019, it endangered over $13m in cryptocurrency assets.
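The two numbers the survey turns into practice (at least four releases a year, at least 80% of dependencies upgraded per release) can be measured from a project's own pinned-dependency files and release history. The following is an added example, not Sonatype's code or a tool the report describes; it assumes requirements.txt-style `name==version` pins and uses constructed snapshots and release dates.

```python
"""Check a project's dependency-upgrade coverage and release cadence
against the targets reported in Sonatype's survey (>=4 releases/year,
>=80% of dependencies upgraded per release)."""
from datetime import date
from typing import Dict, List, Tuple

# Constructed pins for two consecutive releases (not real project data).
PREVIOUS_RELEASE = """
requests==2.21.0
urllib3==1.24.1
pyyaml==5.1
jinja2==2.10
cryptography==2.6.1
"""
CURRENT_RELEASE = """
requests==2.22.0
urllib3==1.25.3
pyyaml==5.1           # not upgraded
jinja2==2.10.1
cryptography==2.6.1   # not upgraded
markupsafe==1.1.1     # newly added: not counted as an upgrade
"""
# Constructed release dates over the past year.
RELEASE_DATES = [date(2018, 9, 1), date(2018, 12, 15), date(2019, 3, 20), date(2019, 6, 30)]

def parse_pins(text: str) -> Dict[str, str]:
    """Parse 'name==version' lines; comments and blank lines are ignored."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, version = line.partition("==")
            pins[name.strip().lower()] = version.strip()
    return pins

def upgrade_ratio(previous: Dict[str, str], current: Dict[str, str]) -> Tuple[float, List[str]]:
    """Fraction of dependencies present in both releases whose version changed,
    plus the sorted list of dependencies left at the old version."""
    shared = [n for n in previous if n in current]
    if not shared:
        return 0.0, []
    stale = sorted(n for n in shared if previous[n] == current[n])
    return (len(shared) - len(stale)) / len(shared), stale

def releases_in_last_year(release_dates: List[date], as_of: date) -> int:
    """Count releases within the 365 days ending on as_of."""
    return sum(1 for d in release_dates if 0 <= (as_of - d).days < 365)

def assess(prev_text: str, cur_text: str, release_dates: List[date], as_of: date) -> dict:
    """Report both survey targets for one release pair; thresholds are the survey's."""
    ratio, stale = upgrade_ratio(parse_pins(prev_text), parse_pins(cur_text))
    n = releases_in_last_year(release_dates, as_of)
    return {"upgrade_ratio": ratio, "stale": stale, "releases_last_year": n,
            "meets_cadence": n >= 4, "meets_upgrade_target": ratio >= 0.8}
```

Run against the constructed snapshots, the release cadence target is met but only 60% of shared dependencies moved, so the report names `cryptography` and `pyyaml` as the pins to revisit.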

“We have long advised organisations that they should rely on the fewest open source component suppliers with the best track records in order to develop the highest quality and lowest risk software,” said Wayne Jackson, CEO of Sonatype. “For organisations who tame their software supply chains through better supplier choices, component selection, and use of automation, the rewards revealed in this year’s report are impressive. Use of known vulnerable component releases was reduced by 55%.”
