May 24, 2020 07:34 am

Open Source Security Report Finds Library-Induced Flaws in 70% of Applications

The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic.

"Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws."

"An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said.

The study found that 70% of applications have a security flaw in an open source library on an initial scan. Other findings from the report:

- The most commonly included libraries are present in over 75% of applications for each language.
- 47% of those flawed libraries in applications are transitive.
- More than 61% of flawed libraries in JavaScript contain vulnerabilities without corresponding common vulnerabilities and exposures (CVEs).
- Fixing most library-introduced flaws can be done with a minor version upgrade.
- Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Z0Q0M8jw0GQ/open-source-security-report-finds-library-induced-flaws-in-70-of-applications
