[REPORT] The Dark Reality of Open Source

Patchworks
Posts: 23
Joined: Sat Jul 14, 2018 10:33 am

[REPORT] The Dark Reality of Open Source

Post by Patchworks »

Open source software (OSS) is now a major part of an organization’s attack surface and organizations are being blindsided by the increased risk to their security posture. RiskSense looked at the 50 most popular OSS projects and found that:
  • Vulnerabilities spanned all phases of modern development from dev\test, orchestration, container, and within workloads. Learn more about the volume and the trends for the tools you use.
  • Open source is generating new vulnerabilities at a historically rapid pace. Consider what this means when shared libraries and code re-use occurs with Dev teams, especially in business-critical applications.
  • NVD listing lags significantly behind for OSS vulnerabilities – especially for those with the highest CVSS criticality.
To learn more, read the RiskSense Spotlight report: The Dark Reality of Open Source – Through the Lens of Threat and Vulnerability Management.


...fake, hoax or reality?

Jah-On
Posts: 17
Joined: Sun Dec 01, 2019 8:51 pm

Re: [REPORT] The Dark Reality of Open Source

Post by Jah-On »

It depends. There will always be those who try to infiltrate others via source code. Also, research before implementing a piece of code. I would say that more than 60 percent are good coders trying to make free software. Finally, if it is dark, then it is on par with closed source code.

karlexceed
Posts: 511
Joined: Thu Jan 10, 2013 6:17 pm

Re: [REPORT] The Dark Reality of Open Source

Post by karlexceed »

Patchworks wrote (Tue Jun 09, 2020 7:38 pm):
    Open source is generating new vulnerabilities at a historically rapid pace.

I'm not sure that this is something you can attribute to open source code necessarily. It feels like correlation but not necessarily causation.

Also, I'm not sure it's significant, but it's interesting that about 47% of the vulnerabilities they talk about are found within two projects - Jenkins and MySQL.
