- Posts: 23
- Joined: Sat Jul 14, 2018 10:33 am
Download the full Report here
Open source software (OSS) is now a major part of an organization’s attack surface and organizations are being blindsided by the increased risk to their security posture. RiskSense looked at the 50 most popular OSS projects and found that:
- Vulnerabilities spanned all phases of modern development from dev\test, orchestration, container, and within workloads. Learn more about the volume and the trends for the tools you use.
- Open source is generating new vulnerabilities at a historically rapid pace. Consider what this means when shared libraries and code re-use occurs with Dev teams, especially in business-critical applications.
- NVD listing lags significantly behind for OSS vulnerabilities – especially for those with the highest CVSS criticality.
To learn more, read the RiskSense Spotlight report: The Dark Reality of Open Source – Through the Lens of Threat and Vulnerability Management.
...fake, hoax or reality?
- Posts: 17
- Joined: Sun Dec 01, 2019 8:51 pm
It depends. There will always be those who try to infiltrate others via source code. Also, research before implementing a piece of code. I would say that more than 60 percent are good coders trying to make free software. Finally, if it is dark, then it is on par with closed source code.
- Posts: 511
- Joined: Thu Jan 10, 2013 6:17 pm
Patchworks wrote (Tue Jun 09, 2020 7:38 pm):
"Open source is generating new vulnerabilities at a historically rapid pace."
I'm not sure that this is something you can attribute to open source code necessarily. It feels like correlation but not necessarily causation.
Also, I'm not sure it's significant, but it's interesting that about 47% of the vulnerabilities they talk about are found within two projects - Jenkins and MySQL.