Security News > 2020 > May > Open source libraries a big source of application security flaws

How many vulnerabilities lurk inside the bazillions of open source libraries that today's developers happily borrow to build their applications?
Predictably, the answer is a lot, at least according to application security company Veracode, which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries used by them.
How much 'walking' application users will end up doing varies considerably depending on the language used to create it, with JavaScript software using the most open source libraries - over 1,000 in some cases.
The good news is that three quarters can be fixed with a minor "non-breaking" update that can be applied to the library without causing wider disruption to the application - this held true even for almost all of the most concerning one percent of flaws that might be being actively exploited.
Open source libraries have become a ubiquitous part of software development.