How open source software vulnerabilities create risk for organizations (Security News, June 2020)
Security flaws in open source software have increased and can take a long time to be added to the National Vulnerability Database, says RiskSense.
A report released Monday by vulnerability management firm RiskSense describes the impact of security vulnerabilities in open source software (OSS). For its report "The Dark Reality of Open Source," RiskSense found that the total number of CVEs in OSS is on the rise, more than doubling to 968 in 2019 from 421 in 2018 and 435 in 2017.
Yet OSS vulnerabilities can be a "blind spot" for many organizations, which may not be aware of all the open source projects and dependencies included in the applications they use.
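The blind spot described above is usually the transitive dependencies: packages nobody on the team chose, pulled in by something they did choose. The script below is an added example, not code from the article or from RiskSense. It reads an npm package-lock.json (the lockfileVersion 2/3 "packages" map), walks it the way npm resolves requires so that every installed copy is reached together with the chain that pulled it in, and then checks each version against a vulnerability feed. The lockfile, the package names and the advisory feed are all constructed for this example; the CVE identifiers are placeholders, not real advisories.

```python
"""Inventory the open source packages an application actually installs and
match them against a vulnerability feed (added example; constructed data)."""
import json
import re

# Constructed lockfile: keys are paths under node_modules. A nested path such as
# "node_modules/a/node_modules/b" is a second copy of b that only a sees.
LOCKFILE = json.loads(r"""
{
  "name": "billing-portal",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "billing-portal", "dependencies": {"web-framework": "^2.1.0"}},
    "node_modules/web-framework": {"version": "2.1.4",
      "dependencies": {"template-engine": "~1.3.0", "html-escape": "^0.8.0"}},
    "node_modules/template-engine": {"version": "1.3.1",
      "dependencies": {"html-escape": "^0.9.0"}},
    "node_modules/html-escape": {"version": "0.9.1"},
    "node_modules/web-framework/node_modules/html-escape": {"version": "0.8.5"}
  }
}
""")

# Constructed advisory feed: (package, affected-version spec, placeholder ID).
ADVISORIES = [
    ("html-escape", "<0.9.0", "CVE-0000-00001"),
    ("template-engine", ">=1.3.0 <1.3.2", "CVE-0000-00002"),
]


def parse_version(v):
    return tuple(int(p) for p in v.split("."))


def in_range(version, spec):
    """True when `version` satisfies every comparator in a space-separated spec
    such as ">=1.3.0 <1.3.2"."""
    ver = parse_version(version)
    comparators = re.findall(r"(<=|>=|<|>|==)\s*(\d+(?:\.\d+)*)", spec)
    for op, bound in comparators:
        b = parse_version(bound)
        ok = {"<": ver < b, "<=": ver <= b, ">": ver > b,
              ">=": ver >= b, "==": ver == b}[op]
        if not ok:
            return False
    return bool(comparators)


def resolve(packages, from_path, dep):
    """Return the lockfile key that `dep` resolves to when required from
    `from_path`: the nearest enclosing node_modules directory that has it."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep}" if base else f"node_modules/{dep}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        # Step up one nesting level ("node_modules/a/node_modules/b" -> "node_modules/a").
        base = base.rsplit("/node_modules/", 1)[0] if "/node_modules/" in base else ""


def dependency_chains(lock):
    """Map each reachable lockfile key to the chain of package names that pulls
    it in, starting from a direct dependency of the root project."""
    packages = lock["packages"]
    chains = {}
    stack = [("", [])]
    while stack:
        path, chain = stack.pop()
        for dep in packages[path].get("dependencies", {}):
            target = resolve(packages, path, dep)
            if target is None or target in chains:
                continue
            chains[target] = chain + [dep]
            stack.append((target, chains[target]))
    return chains


def find_vulnerable(lock, advisories):
    """Return sorted (name, version, advisory_id, chain) for every installed
    copy whose version falls inside an advisory's affected range."""
    hits = []
    for path, chain in dependency_chains(lock).items():
        name, version = chain[-1], lock["packages"][path]["version"]
        for pkg, spec, advisory_id in advisories:
            if pkg == name and in_range(version, spec):
                hits.append((name, version, advisory_id, " > ".join(chain)))
    return sorted(hits)


if __name__ == "__main__":
    for path, chain in dependency_chains(LOCKFILE).items():
        print(f"{LOCKFILE['packages'][path]['version']:>8}  {' > '.join(chain)}")
    for hit in find_vulnerable(LOCKFILE, ADVISORIES):
        print("AFFECTED:", hit)
```

Two details matter in practice. The walk resolves each require the way npm does, so the hoisted html-escape 0.9.1 that the project would see in a flat listing is not the copy web-framework actually loads; the vulnerable 0.8.5 nested under it is, and only the chain makes that visible. The other is the feed: since the article notes that OSS flaws can take a long time to reach the NVD, an inventory checked only against NVD data will lag, so the same inventory should be matched against the project's own advisories or an ecosystem feed as well.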
"While open source code is often considered more secure than commercial software since it undergoes crowdsourced reviews to find problems, this study illustrates that OSS vulnerabilities are on the rise and may be a blind spot for many organizations," RiskSense CEO Srinivas Mukkamala said in a press release.
"Since open source is used and reused everywhere today, when vulnerabilities are found, they can have incredibly far-reaching consequences."