EFY Times  
Wednesday, April 23, 2014

 

New White Source Study Sheds Light On Open Source Security Risks
 
Wednesday, November 27, 2013

A recent White Source study of 2,944 software projects with open source components found that 23% had security vulnerabilities. Meanwhile, only 1.3% of the open source libraries with vulnerabilities were updated to the latest version. Ninety-three percent of the vulnerabilities in affected open source libraries had either high or mid-range severity.






“Often, no one is assigned to continually monitor the open source for updates. In our study, 98.7% of the open source libraries with vulnerabilities were not updated. This presents considerable security and business risks for both vendor and customer when the product is shipped,” said Rami Sass, Co-Founder and CEO of White Source. “If you don’t stay on top of open source updates, you risk missing critical security fixes that are most likely out there,” he added.

According to Gartner, 85% of commercial software projects use open source libraries. While the benefits of open source are clear to most developers, open source projects contain the same quality and security issues as any other software projects. Most open source communities are quick to fix issues in their code, but their users are notably slow to update to new versions.

An earlier White Source survey found that 85% of software projects contain out-of-date open source libraries.

“There is a clear disconnect between what is expected from development teams and what they can realistically do. They often lack the expertise and time to continually ensure compliance with open source licenses and monitor open source libraries for future security vulnerabilities and bugs. To properly manage open source for security and compliance, a lot of the adoption and ongoing management should be automated,” said Pini Cohen, EVP and Senior Analyst from STKI.

White Source, the leading provider of agile open source management solutions, has recently released a new SaaS solution that proactively alerts customers about security vulnerabilities in open source libraries. The solution also provides alerts for new versions of libraries and fixes for vulnerabilities and other software bugs.

“We match open source libraries with various repositories of vulnerabilities and with new versions made available by the respective open source communities,” said Sass. “We can provide pinpointed alerts because we always know the exact open source content of each of our customers’ projects,” he added.

The top 5 most common security vulnerabilities among White Source customers studied were:

CVE-2011-2730: This Spring Framework vulnerability lets remote attackers obtain sensitive information.

CVE-2012-0213: This Apache POI vulnerability lets remote attackers cause denial of service via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

CVE-2011-2894: This Spring-Security vulnerability lets remote attackers bypass intended security restrictions and execute untrusted code.

CVE-2009-2625: This Apache Xerces2 vulnerability lets remote attackers cause a denial of service (infinite loop and application hang).

CVE-2013-0248: This Commons-FileUpload vulnerability lets local users overwrite arbitrary files via an unspecified symlink attack.


