
Open-source bug bonanza: Vulnerabilities up almost 50 per cent thanks to people actually looking for them
2020-03-13 07:05

The number of vulnerabilities reported in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource. That can be read as good news: you don't find what you're not looking for, so a rise in reported bugs largely reflects more people looking.

"The problem with open source vulnerabilities is that, like everything in the open source community, once something is reported all the information is public and every beginner hacker can learn the vulnerability and its exploitation and then execute it on a large number of applications."

Only 84 per cent of known open source vulnerabilities eventually show up in the National Vulnerability Database, and those often only after a delay, so relying on the NVD alone leaves a gap in coverage.

"Following the huge usage growth in the open source community, attackers are starting to see the potential in exploiting open source vulnerabilities. CWE-79 vulnerabilities are the go-to vulnerability for an easy and effortless hack. Taking this in mind, it's quite logical that this massive increase occurred."

Under CVSS v3.1, the severity distribution is not a normal (bell-shaped) distribution, WhiteSource contends: 17 per cent of vulnerabilities are rated critical and only 2 per cent are rated low.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/13/open_source_bugs/