Open source vulnerabilities go undetected for over four years

2020-12-03 11:58

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation.

The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed.

Another interesting finding is that most open source software vulnerabilities are caused by mistakes, not malicious attacks.

Add to this the discovery that a vulnerability typically goes undetected for over four years, and you can see how problems may arise.

"The power and promise of open source is in the power of the community. By joining forces with millions of developers to not only build software packages but also identify and fix vulnerabilities, we can build software more quickly and more securely."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/qWXz84LGwNs/

#opensource #vulnerabilities