Warning: The number of vulnerabilities in open source software is increasing rapidly
Besides malware, spam emails and DDoS attacks, vulnerabilities in open source software are considered one of the most significant security threats at the moment.
According to research by cyber security organization WhiteSource, the number of open source software vulnerabilities recorded in 2019 increased by 50% compared to 2018, from more than 4,000 to more than 6,000. However, this is only the 'tip of the iceberg' because, according to experts, there are still many holes in other open source systems that are silently causing damage but have not yet been discovered or reported.
This situation does not surprise many people. It was even foreseen, given the widespread, massive and somewhat 'out of control' growth of the open source community in the past few years, together with media attention toward recent data breaches.
WhiteSource has surveyed more than 650 developers, collected data from the US National Vulnerability Database (NVD), security advisory processes, vulnerability databases as well as many other data sources and found that:
- More than 85% of open source security vulnerabilities were disclosed with an existing bug fix.
- Only 84% of the reported open source vulnerabilities are recorded in the NVD; some of these are disclosed elsewhere first and appear in the NVD only after a few months.
- The C programming language still has the highest share of vulnerabilities (30%) because the amount of code written in this language is quite large, followed by PHP (27%) and Java (15%).
Notably, Python's increasing popularity is almost proportional to the number of vulnerabilities associated with open source software written in this language. Though to be fair, vulnerabilities are a common result of less secure encryption and many other factors.
The most common vulnerability types (CWEs) in 2019 were cross-site scripting (XSS), ranked first, followed by input validation vulnerabilities, with buffer errors ranked third.
Overall, the list of the top 5 most common vulnerabilities for 2019 is not much different from 2018. In 2018, buffer errors ranked second and input validation errors ranked third, while the remaining positions are unchanged.
According to security experts, most of these vulnerabilities stem from relatively simple flaws in the codebase and from programming mistakes, which can be avoided by complying with fairly basic coding standards.