"It is stunning to me that when you grab an application about a quarter of the components in it are vulnerable," he said. "And that doesn't even take into consideration the unknown, or zero-day, vulnerabilities."
And that's scary when we consider that the software being put into Internet-of-Things devices is no different than the one being put into commercial applications.
"I have encountered vulnerable open-source software in the remotely connected parts of automobiles that was exploitable and could put people's lives in danger," Corman said. "It's one thing when your website is compromised, or you have to get a new credit card, and another when entirely avoidable vulnerabilities are making their way into embedded systems in vehicles or medical devices."
Sign up for CIO Asia eNewsletters.