EFY Times  
Monday, April 27, 2015

 
New White Source Study Sheds Light On Open Source Security Risks
 
Wednesday, November 27, 2013

A recent White Source study of 2,944 software projects with open source components found that 23% had security vulnerabilities. Meanwhile, only 1.3% of the open source libraries with vulnerabilities were updated to the latest version. Ninety-three percent of the vulnerabilities in affected open source libraries had either high or mid-range severity.






“Often, no one is assigned to continually monitor the open source for updates. In our study, 98.7% of the open source libraries with vulnerabilities were not updated. This presents considerable security and business risks for both vendor and customer when the product is shipped,” said Rami Sass, Co-Founder and CEO of White Source. “If you don’t stay on top of open source updates, you risk missing critical security fixes that are most likely out there,” he added.

According to Gartner, 85% of commercial software projects use open source libraries. While the benefits of open source are clear to most developers, open source projects contain the same quality and security issues as any other software projects. Most open source communities are quick to fix issues in their code, but their users are notably slow to update to new versions.

An earlier White Source survey found that 85% of software projects contain out-of-date open source libraries.

“There is a clear disconnect between what is expected from development teams and what they can realistically do. They often lack the expertise and time to continually ensure compliance with open source licenses and monitor open source libraries for future security vulnerabilities and bugs. To properly manage open source for security and compliance, a lot of the adoption and ongoing management should be automated,” said Pini Cohen, EVP and Senior Analyst from STKI.

White Source, the leading provider of agile open source management solutions, has recently released a new SaaS solution that proactively alerts customers about security vulnerabilities in open source libraries. The solution also provides alerts for new versions of libraries and fixes for vulnerabilities and other software bugs.

“We match open source libraries with various repositories of vulnerabilities and with new versions made available by the respective open source communities,” said Sass. “We can provide pinpointed alerts because we always know the exact open source content of each of our customers’ projects,” he added.

The top 5 most common security vulnerabilities among White Source customers studied were:

CVE-2011-2730: This Spring Framework vulnerability lets remote attackers obtain sensitive information.

CVE-2012-0213: This Apache POI vulnerability lets remote attackers cause denial of service via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

CVE-2011-2894: This Spring-Security vulnerability lets remote attackers bypass intended security restrictions and execute untrusted code.

CVE-2009-2625: This Apache Xerces2 vulnerability lets remote attackers cause a denial of service (infinite loop and application hang).

CVE-2013-0248: This Commons-FileUpload vulnerability lets local users overwrite arbitrary files via an unspecified symlink attack.


