2019 was a record year for OSS vulnerabilities (Security News, June 2020)
Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures in 2018 to 968 last year, according to a RiskSense report.
The study also revealed that it takes a very long time for OSS vulnerabilities to be added to the National Vulnerability Database, averaging 54 days between public disclosure and inclusion in the NVD. This delay can cause organizations to remain exposed to serious application security risks for almost two months.
"While open source code is often considered more secure than commercial software since it undergoes crowdsourced reviews to find problems, this study illustrates that OSS vulnerabilities are on the rise and may be a blind spot for many organizations," said Srinivas Mukkamala, CEO of RiskSense.
Vulnerabilities in open source software are taking an extremely long time to be added to the U.S. NVD. The average time between the first public disclosure of a vulnerability and its addition to the NVD was 54 days.
These two OSS projects also tied for the most weaponized vulnerabilities with 15 each.
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/2f-qP8eODi8/