The popularity of open-source components has increased over the years, with more people diverting their attention towards open-source software.
However, using open-source software involves risks as well. A report published by WhiteSource, an open-source security management platform, says that vulnerabilities in open-source software increased by nearly 50% in 2019.
The report gathered data from the National Vulnerability Database (NVD), several security advisories, peer-reviewed vulnerability databases, and popular open-source issue trackers.
The number of reported open source vulnerabilities stood at a record-breaking count of 6,000 in 2019. Also, only 84% of the known vulnerabilities in open-source appear in NVD, and the remaining go unnoticed or get published on other portals that many aren’t aware of.
Researchers found that vulnerabilities are often reported across hundreds of platforms that are poorly indexed. This makes it difficult for users to search and confirm the existence of a vulnerability in open-source software.
However, every cloud has a silver lining, and so does the open-source ecosystem. The report also mentions that over 85% of open source vulnerabilities are disclosed with a fix already available.
Open-source vulnerabilities: 2020 predictions
The report mentions that the number of open-source flaws will keep rising, thanks to the continued increase of both open-source usage and security research in the domain.
Thankfully, the open-source community is also witnessing an increase in initiatives addressing open-source security systems. For example, Github Security Lab is a platform that allows open-source software developers and maintainers to report vulnerabilities systematically without exposing a zero-day vulnerability for hackers.
We’ll likely see a surge in such tools in 2020 as well owing to increased adoption of open-source software and the number of agencies working towards reporting vulnerabilities in the open-source ecosystem.