INSUBCONTINENT EXCLUSIVE:
New research from RiskSense has revealed that the number of security vulnerabilities in open source software more than doubled last year. The firm's analysis covered 2015 until the first three months of 2020 and found a total of 2,694 Common Vulnerabilities and Exposures (CVEs). RiskSense's report found that the number of vulnerabilities in open source software reached 968 last year, up from the 421 reported the year before (an increase of well over 50 percent, in fact more than double). Although open source software is often considered more secure than commercial software because it undergoes crowdsourced review, this study illustrates that OSS vulnerabilities are on the rise and may be a blind spot for many organizations.
Since open source is used and reused everywhere today, when vulnerabilities are found they can have incredibly far-reaching consequences. The report also measured how long publicly disclosed vulnerabilities take to appear in the National Vulnerability Database (NVD).
On average it takes 54 days from a vulnerability being publicly disclosed for it to be included in the NVD. This delay has serious consequences for businesses: an organization whose vulnerability management depends on the NVD alone can remain exposed to serious application security risks for almost two months after the issue is already public. These delays were observed across all severities, including vulnerabilities rated as critical and those being actively exploited in the wild.

Of the open source projects analyzed in the report, the Jenkins automation server had the most CVEs overall with 646, closely followed by MySQL with 624.
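The practical lesson from the NVD lag described above is that a vulnerability feed keyed only on NVD publication will miss issues that are already public. The following added example (not code from RiskSense or from the article) shows one way to track that gap: it takes a list of upstream advisories, computes the disclosure-to-NVD lag for those NVD has published, lists the ones still absent from NVD, and flags critical/high issues that have waited longer than a chosen SLA so they can be patched from the upstream advisory instead. All advisory IDs, package names, dates and the 7-day SLA are constructed for illustration and are not real CVEs.

```python
"""Track disclosure-to-NVD lag for upstream advisories (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str                      # placeholder IDs, not real CVE numbers
    package: str
    severity: str                         # "critical" | "high" | "medium" | "low"
    disclosed: date                       # first public disclosure by the project/vendor
    nvd_published: Optional[date] = None  # None: NVD has not ingested it yet


# Constructed sample feed: hypothetical packages and dates, chosen so that
# ADV-0001 shows the report's average 54-day lag and ADV-0002 is still missing from NVD.
SAMPLE_FEED: List[Advisory] = [
    Advisory("ADV-0001", "libfoo", "critical", date(2020, 3, 1), date(2020, 4, 24)),
    Advisory("ADV-0002", "libbar", "critical", date(2020, 5, 10), None),
    Advisory("ADV-0003", "libbaz", "medium", date(2020, 4, 1), date(2020, 4, 3)),
    Advisory("ADV-0004", "libqux", "high", date(2020, 1, 15), date(2020, 2, 20)),
]


def nvd_lag_days(adv: Advisory) -> Optional[int]:
    """Days between public disclosure and NVD publication; None if not yet in NVD."""
    if adv.nvd_published is None:
        return None
    return (adv.nvd_published - adv.disclosed).days


def mean_nvd_lag(feed: List[Advisory]) -> float:
    """Average lag over the advisories NVD has already published (0.0 if none)."""
    lags = [lag for lag in (nvd_lag_days(a) for a in feed) if lag is not None]
    return sum(lags) / len(lags) if lags else 0.0


def nvd_blind_spots(feed: List[Advisory], today: date) -> List[Tuple[str, int]]:
    """Advisories that are public but absent from NVD, with the days already exposed."""
    return [(a.advisory_id, (today - a.disclosed).days)
            for a in feed if a.nvd_published is None]


def needs_out_of_band_action(adv: Advisory, today: date, max_wait_days: int = 7) -> bool:
    """True when a critical/high advisory has been public, yet missing from NVD,
    for longer than the SLA; such issues should be patched from the upstream advisory."""
    if adv.nvd_published is not None or adv.severity not in ("critical", "high"):
        return False
    return (today - adv.disclosed).days > max_wait_days


if __name__ == "__main__":
    today = date(2020, 6, 1)  # constructed "current" date for the sample
    print(f"mean disclosure-to-NVD lag: {mean_nvd_lag(SAMPLE_FEED):.1f} days")
    for adv_id, days in nvd_blind_spots(SAMPLE_FEED, today):
        print(f"{adv_id}: public for {days} days, not yet in NVD")
    for adv in SAMPLE_FEED:
        if needs_out_of_band_action(adv, today):
            print(f"{adv.advisory_id} ({adv.package}): act on the upstream advisory now")
```

In a real pipeline the feed would be populated from the projects' own advisories (release notes, security mailing lists, GitHub security advisories) and the `nvd_published` field filled in from the NVD record when it appears; the point of the check is that the decision to patch never waits on that field.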
These two projects also tied for the most weaponized vulnerabilities, with 15 each. When it came to weaponization, cross-site scripting (XSS) and input validation weaknesses were among both the most common and the most weaponized types of vulnerability in RiskSense's study: XSS issues were the second most common type but the most weaponized, while input validation issues were the third most common and the second most weaponized. There are many benefits to using open source software, but RiskSense's report shows that managing vulnerabilities in open source libraries can pose unique challenges for businesses and developers.