Open source vulnerabilities add to security debt (Security News, December 2022)
The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the acceleration of vulnerabilities.
The report's representative sample of approximately 1,000 North American companies, covering January to September 2022, found that only 13 percent of the vulnerabilities seen were remediated, compared with 40 percent remediated by companies using modern application security best practices.
"As security debt continues to rise, it's crucial to find a way to prioritize the vulnerabilities that pose the highest risk to avoid falling victim to an attack," said Jeffrey Martin, VP Product Management at Mend.
"Using remediation tools that can assess and prioritize the vulnerabilities that can most heavily impact systems is an important element of managing security debt. Organizations should not just pay attention to severity details, though; to ensure effective prioritization and remediation, they also need to look at the exploitation context of flaws, on their own and in conjunction with others."
While companies remediate thousands of vulnerabilities each month, modern remediation best practices are needed to keep up with the ongoing wave of newly detected vulnerabilities and prevent the backlog from growing.
The increase in open source vulnerabilities outstrips the estimated 25 percent growth in the amount of open-source software available.
News URL: https://www.helpnetsecurity.com/2022/12/19/open-source-vulnerabilities-growth/