Open Source Software Vulnerabilities Increased By 50% In 2019: Report

The popularity of open-source components has grown steadily over the years, with more people turning to open-source software.

However, using open-source software involves risks as well. A report published by WhiteSource, an open-source security management platform, says that vulnerabilities in open-source software increased by nearly 50% in 2019.

The report gathered data from the National Vulnerability Database (NVD), several security advisories, peer-reviewed vulnerability databases, and popular open-source issue trackers.

The number of reported open-source vulnerabilities reached a record-breaking 6,000 in 2019. Also, only 84% of the known open-source vulnerabilities appear in the NVD; the rest either go unnoticed or are published on other portals that many users aren’t aware of.

[Figure: Open source vulnerabilities report. Source: WhiteSource]

Researchers found that vulnerabilities are often reported across hundreds of platforms that are poorly indexed. This makes it difficult for users to search for and confirm the existence of a vulnerability in the open-source software they depend on.

However, every cloud has a silver lining, and so does the open-source ecosystem. The report also notes that over 85% of open-source vulnerabilities are disclosed with a fix already available.

Open-source vulnerabilities: 2020 predictions

The report expects the number of open-source flaws to keep rising, driven by the continued growth of both open-source usage and security research in the domain.

Thankfully, the open-source community is also seeing more initiatives that address open-source security. For example, GitHub Security Lab is a platform that allows open-source developers and maintainers to report vulnerabilities systematically, without exposing a zero-day vulnerability to attackers.

We’ll likely see a surge in such tools in 2020 as well, owing to the increased adoption of open-source software and the growing number of agencies working to report vulnerabilities in the open-source ecosystem.
