Open source projects provide software development teams with well-built libraries and frameworks which they can freely use in their projects to improve the speed and efficiency of software development.
Despite the advantages of open source projects, using components from them brings security risks and code vulnerabilities of their own. The majority of commercial applications contain open source components, and one study reported the concerning finding that 78 percent of codebases contained at least one open source vulnerability.
This article informs you of some of the main open source security risks and vulnerabilities you should know about in 2019.
Slow Vulnerability Remediation
One of the biggest security risks that continues to plague commercial software development teams is remediating vulnerabilities too slowly after a fix has already been released.
Anyone familiar with some of the major data breaches and cybersecurity incidents over the last couple of years will know that in many cases, those vulnerabilities were disclosed well in advance of the incidents happening. Furthermore, patches already existed to fix the vulnerabilities and prevent exploits.
A case in point on the danger of slow remediation is the Heartbleed software bug. Heartbleed is the name of a vulnerability in the OpenSSL cryptographic library. …
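The remediation lag described above (a fix exists, but the build still ships the vulnerable version) is measurable. The following is an added example, not code from the original article: it compares a constructed component inventory against a constructed advisory feed, reports how many days each available fix has gone unapplied, and flags the findings that breach a patch SLA. Advisory ids, versions and dates are placeholders; the version parser is deliberately simplified.

```python
import re
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, not a real CVE
    component: str
    fixed_version: str    # first release that contains the fix
    fix_released: date    # day the fix became available

def parse_version(v: str) -> tuple:
    """Split '1.0.1g'-style strings into comparable parts: numbers compare
    numerically and a letter suffix sorts after the bare number (1.0.1 < 1.0.1g).
    Simplified on purpose; not a full semver or PEP 440 parser."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", v))

def remediation_lag(inventory: dict, advisories: list, today: date) -> list:
    """For each installed component still below an advisory's fixed version,
    return (advisory_id, component, days the fix has been available but
    unapplied), worst offender first."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.component)
        if installed is None:
            continue  # component not present in this build
        if parse_version(installed) < parse_version(adv.fixed_version):
            lag = (today - adv.fix_released).days
            findings.append((adv.advisory_id, adv.component, lag))
    return sorted(findings, key=lambda f: f[2], reverse=True)

def overdue(findings: list, sla_days: int) -> list:
    """Findings whose lag exceeds the team's patch SLA in days."""
    return [f for f in findings if f[2] > sla_days]

# Constructed inventory, advisory feed and assessment date for demonstration only.
INVENTORY = {"openssl": "1.0.1e", "libfoo": "2.4.0", "libbar": "3.1.2"}
ADVISORIES = [
    Advisory("EXAMPLE-ADV-0001", "openssl", "1.0.1g", date(2024, 1, 10)),
    Advisory("EXAMPLE-ADV-0002", "libfoo", "2.4.1", date(2024, 3, 1)),
    Advisory("EXAMPLE-ADV-0003", "libbar", "3.0.0", date(2023, 6, 1)),  # already fixed
]
ASSESSMENT_DATE = date(2024, 4, 1)

if __name__ == "__main__":
    for adv_id, comp, lag in remediation_lag(INVENTORY, ADVISORIES, ASSESSMENT_DATE):
        print(f"{comp}: fix for {adv_id} available for {lag} days, still unapplied")
```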