
Last Year's Open Source - Tomorrow's Vulnerabilities
2022-11-01 12:04

The researcher behind the analysis is a data scientist, so he naturally asked the data: how good is the open source community at finding vulnerabilities in a timely manner?

Open source vulnerabilities are typically found by the project's own maintainers, by its users, by auditors, or by external security researchers.

The analysis shows that 74% of security flaws remain undiscovered for at least one year. Java and Ruby fare worst: in those ecosystems it takes the community more than 1000 days to find and disclose a vulnerability.

Why does this matter? Nearly every company consumes open source, so vulnerabilities in open source are a problem for nearly every company.

Debricked helps companies make these vulnerabilities actionable by scanning all of your software, every branch, every push and every commit, for newly disclosed vulnerabilities.
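To make the per-commit check concrete, here is an added example of the kind of dependency gate such a scan performs: parse the pinned dependencies of a commit, match each pin against an advisory list with affected version ranges, and fail the build on any hit. This is illustration code written for this page, not Debricked's product or any real scanner; the package names, versions and advisory identifiers (EXAMPLE-2022-000x) are constructed placeholders, not real advisories, and version handling is deliberately limited to plain numeric dotted versions.

```python
"""Minimal dependency-scan gate (illustration only, not Debricked's code).

All manifest contents, package names and advisory records below are
constructed for the example; the EXAMPLE-* identifiers are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # placeholder id, not a real CVE/GHSA
    package: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None if no fix yet


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric dotted versions only (e.g. '2.3.1'); anything else is rejected
    rather than silently compared wrong (pre-release tags are out of scope)."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(part) for part in v.split("."))


def version_lt(a: str, b: str) -> bool:
    """a < b after zero-padding, so '1.0' and '1.0.0' compare equal."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    return va + (0,) * (n - len(va)) < vb + (0,) * (n - len(vb))


def is_affected(version: str, adv: Advisory) -> bool:
    """True if introduced <= version < fixed (or version >= introduced when unfixed)."""
    if version_lt(version, adv.introduced):
        return False
    return adv.fixed is None or version_lt(version, adv.fixed)


def parse_requirements(text: str) -> Dict[str, str]:
    """Accept only exact pins (name==version). A loose specifier is rejected
    so an unpinned dependency cannot pass through the gate unexamined."""
    pins: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)\s*==\s*(\S+)", line)
        if not m:
            raise ValueError(f"not an exact pin: {line!r}")
        pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def scan(requirements: str, advisories: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (package, pinned_version, advisory_id) for every matching advisory."""
    pins = parse_requirements(requirements)
    hits = []
    for adv in advisories:
        pinned = pins.get(adv.package.lower())
        if pinned is not None and is_affected(pinned, adv):
            hits.append((adv.package, pinned, adv.advisory_id))
    return sorted(hits)


# Constructed manifest for one commit (not a real project).
REQUIREMENTS = """
# constructed sample manifest
examplelib==2.3.1
safeutil==0.9.0
tokenparser==1.0
"""

# Constructed advisory feed with placeholder identifiers.
ADVISORIES = [
    Advisory("EXAMPLE-2022-0001", "examplelib", "2.0.0", "2.3.2"),   # 2.3.1 is inside the range
    Advisory("EXAMPLE-2022-0002", "safeutil", "1.0.0", None),        # 0.9.0 predates the bug
    Advisory("EXAMPLE-2022-0003", "tokenparser", "1.0.0", "1.0.5"),  # '1.0' == 1.0.0, affected
]


def gate(requirements: str, advisories: List[Advisory]) -> int:
    """Exit-code style result for CI: 0 when clean, 1 when any pin is affected."""
    hits = scan(requirements, advisories)
    for package, version, advisory_id in hits:
        print(f"FAIL {package}=={version} matches {advisory_id}")
    return 1 if hits else 0


if __name__ == "__main__":
    raise SystemExit(gate(REQUIREMENTS, ADVISORIES))
```

Run against the constructed data the gate reports two hits (examplelib 2.3.1 and tokenparser 1.0) and leaves safeutil alone. The point the article makes still applies: a check like this can only flag what the advisory feed already knows, so it turns disclosed vulnerabilities into actionable work but does nothing for the ones that remain undiscovered.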

There is a good chance that your code depends on many vulnerabilities that are undiscovered and undisclosed today, and until they are disclosed there is little you can do about them beyond being positioned to act quickly once they are.


News URL

https://thehackernews.com/2022/11/last-years-open-source-tomorrows.html