Open-Source Software Brings Bugs To Web Applications

  • 22 October 2014
  • 0 replies
  • 127 views

Userlevel 7
By Kelly Jackson Higgins  posted on 10/22/2014
An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.
 If the Heartbleed and Shellshock vulnerability scares didn't drive home the increasing risk that open-source software poses to today's applications, consider this: Open-source and third-party code brings an average of 24 known security bugs to every web application, according to new data.
Open-source and third-party software components also introduced an average of eight "very high severity" or "high severity" security flaws to applications, according to Veracode, which today released findings from an analysis it conducted of more than 5,300 enterprise web applications uploaded to its code-scanning service over the past two months.
"The use of open source has increased heavily over time. Enterprises have become more comfortable using it," says Chris Wysopal, CTO at Veracode. "At the same time, the researcher community and attacker communities have woken up to this, too… That's why you're seeing Heartbleed and Shellshock, because people are looking at it and scrutinizing it. In the last year or two, all that code has been reviewed and made better. But it's probably only going to get worse" as researchers find more bugs and attackers start using them.
 
 
Full Article
 

0 replies

Be the first to reply!

Reply