Open-source vulnerabilities increased by nearly 50% in 2019

Open source components are the basis for many of today's software applications, but that also means they are receiving more and more attention in terms of security.

Open source management vendor WhiteSource has released a new report showing that the number of open source software vulnerabilities disclosed in 2019 jumped to more than 6,000, an increase of nearly 50%.

The good news is that more than 85% of the disclosed open source vulnerabilities already have a fix available. However, vulnerability information is not published in one centralized place; it is scattered across hundreds of resources, and the indexing is sometimes incorrect, which often makes searching for specific data a challenge.


According to the WhiteSource database, of all open source vulnerabilities reported outside the US National Vulnerability Database (NVD), only 29% were published there.

In addition, the researchers compared the 2019 vulnerability rankings of the top 7 programming languages and contrasted these figures with those of the past 10 years.

The report also considers whether the CVSS (Common Vulnerability Scoring System) score is the best measure on which to base remediation priority. CVSS has undergone a number of updates in the past few years, aiming at measurable, objective criteria that can support every organization and industry. But in the process it also changed the definition of what counts as a highly severe vulnerability. This means that a vulnerability rated 7.6 under CVSS v2 is likely to be rated 9.8 under CVSS v3.0, so teams face more high-severity problems. Now 55% or more of vulnerabilities are rated high or critical severity.

The report's authors concluded:

The most important point of this list is that just because popular open source projects have vulnerabilities does not mean they are inherently insecure.

It simply means that, as a user of open source projects, you need to understand the security risks and make sure your open source dependencies are up to date.

Open source components have become an integral part of our software projects. At first glance, the pattern of open source vulnerabilities seems complex and challenging, but there are ways to give people visibility into which open source components make up our product releases and to keep them under control.

You can find more information on the WhiteSource website.

Source: www.linuxidc.com/Linux/2020-03/162582.htm