How secure are open source libraries? (Security News, May 2020)
Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, a Veracode research reveals.
An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies.
Open source libraries are ubiquitous and pose risks.
The most commonly included libraries are present in over 75% of applications for each language.
Most flawed libraries end up in code indirectly: 47% of the flawed libraries found in applications are transitive, in other words not pulled in directly by developers but pulled in by upstream libraries.
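As an added illustration of the direct-versus-transitive distinction (example code, not from the report or from Veracode), the script below walks a dependency graph from the application's manifest and labels each flagged library with how it is reached; the graph, package names and flaw list are constructed placeholders, not real advisories.

```python
# Added example (not from the Veracode report): classify flawed libraries as
# direct or transitive by walking a dependency graph. Graph and flaw list are
# constructed sample data with placeholder names.
from collections import deque

# Constructed sample graph: package -> packages it depends on.
# "app" stands for the application's own manifest (its direct dependencies).
DEPENDENCIES = {
    "app": ["web-framework", "json-lib"],
    "web-framework": ["template-engine", "http-client"],
    "template-engine": ["html-escape"],
    "http-client": ["tls-lib"],
    "json-lib": [], "html-escape": [], "tls-lib": [],
}
# Constructed sample: libraries a dependency scan flagged as flawed (placeholders).
FLAWED = {"json-lib", "html-escape", "tls-lib", "unused-lib"}


def shortest_paths(graph, root="app"):
    """BFS from root; returns {package: [root, ..., package]} for every reachable package."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep not in paths:        # first visit is the shortest inclusion path
                paths[dep] = paths[node] + [dep]
                queue.append(dep)
    return paths


def classify_flawed(graph, flawed, root="app"):
    """Map each reachable flawed package to ("direct" | "transitive", inclusion path)."""
    paths = shortest_paths(graph, root)
    report = {}
    for pkg in flawed:
        if pkg in paths:                # flawed packages outside the closure add no attack surface
            kind = "direct" if len(paths[pkg]) == 2 else "transitive"
            report[pkg] = (kind, paths[pkg])
    return report


def transitive_share(report):
    """Fraction of reachable flawed libraries that arrive transitively."""
    return (sum(k == "transitive" for k, _ in report.values()) / len(report)) if report else 0.0


if __name__ == "__main__":
    rep = classify_flawed(DEPENDENCIES, FLAWED)
    for pkg, (kind, path) in sorted(rep.items()):
        print(f"{pkg}: {kind} via {' -> '.join(path)}")
    print(f"transitive share: {transitive_share(rep):.0%}")  # 67%
```

The inclusion path is what a remediation ticket needs: a transitive flaw is fixed by upgrading or replacing the direct dependency at the head of the path, not the flawed package itself.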
Cross-Site Scripting is the most common vulnerability category in open source libraries (present in 30% of libraries), followed by insecure deserialization and broken access control.
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/_tdcmCNZWJo/