EFY Times  
Tuesday, December 01, 2015

New White Source Study Sheds Light On Open Source Security Risks
PRESS RELEASE
Wednesday, November 27, 2013

A recent White Source study of 2,944 software projects with open source components found that 23% had security vulnerabilities. Meanwhile, only 1.3% of the open source libraries with vulnerabilities had been updated to the latest version. Ninety-three percent of the vulnerabilities in the affected open source libraries had either high or mid-range severity.

“Often, no one is assigned to continually monitor the open source for updates. In our study, 98.7% of the open source libraries with vulnerabilities were not updated. This presents considerable security and business risks for both vendor and customer when the product is shipped,” said Rami Sass, Co-Founder and CEO of White Source. “If you don’t stay on top of open source updates, you risk missing critical security fixes that are most likely out there,” he added.

According to Gartner, 85% of commercial software projects use open source libraries. While the benefits of open source are clear to most developers, open source projects contain the same quality and security issues as any other software projects. Most open source communities are quick to fix issues in their code, but their users are notably slow to update to new versions.

An earlier White Source survey found that 85% of software projects contain out-of-date open source libraries.

“There is a clear disconnect between what is expected from development teams and what they can realistically do. They often lack the expertise and time to continually ensure compliance with open source licenses and monitor open source libraries for future security vulnerabilities and bugs. To properly manage open source for security and compliance, a lot of the adoption and ongoing management should be automated,” said Pini Cohen, EVP and Senior Analyst from STKI.

White Source, the leading provider of agile open source management solutions, has recently released a new SaaS solution that proactively alerts customers about security vulnerabilities in open source libraries. The solution also provides alerts for new versions of libraries and fixes for vulnerabilities and other software bugs.

“We match open source libraries with various repositories of vulnerabilities and with new versions made available by the respective open source communities,” said Sass. “We can provide pinpointed alerts because we always know the exact open source content of each of our customers’ projects,” he added.

The top 5 most common security vulnerabilities among White Source customers studied were:

CVE-2011-2730: This Spring Framework vulnerability lets remote attackers obtain sensitive information.

CVE-2012-0213: This Apache POI vulnerability lets remote attackers cause denial of service via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

CVE-2011-2894: This Spring-Security vulnerability lets remote attackers bypass intended security restrictions and execute untrusted code.

CVE-2009-2625: This Apache Xerces2 vulnerability lets remote attackers cause a denial of service (infinite loop and application hang).

CVE-2013-0248: This Commons-FileUpload vulnerability lets local users overwrite arbitrary files via an unspecified symlink attack.
