Security News > 2020 > May > Open source libraries a big source of application security flaws
How many vulnerabilities lurk inside the bazillions of open source libraries that today's developers happily borrow to build their applications?
Predictably, the answer is a lot, at least according to application security company Veracode which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries used by them.
How much 'walking' application users will end up doing varies considerably depending on the language used to create it, with JavaScript software using the most open source libraries - over 1,000 in some cases.
The good news is that three quarters can be fixed with a minor "Non-breaking" update that can be implemented to the library without causing wider disruption to the application - this held true even for almost all the most concerning one percent of flaws that might be being actively exploited.
Open source libraries have become a ubiquitous part of software development.
News URL
Related news
- Osmedeus: Open-source workflow engine for offensive security (source)
- Am I Isolated: Open-source container security benchmark (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Debunking myths about open-source security (source)
- AxoSyslog: Open-source scalable security data processor (source)
- Vanir: Open-source security patch validation for Android (source)