EFY Times  
Sunday, October 26, 2014
New White Source Study Sheds Light On Open Source Security Risks
Wednesday, November 27, 2013

A recent White Source study of 2,944 software projects with open source components found that 23% had security vulnerabilities. Meanwhile, only 1.3% of the open source libraries with vulnerabilities had been updated to the latest version. Ninety-three percent of the vulnerabilities in the affected open source libraries were of high or medium severity.
“Often, no one is assigned to continually monitor the open source for updates. In our study, 98.7% of the open source libraries with vulnerabilities were not updated. This presents considerable security and business risks for both vendor and customer when the product is shipped,” said Rami Sass, Co-Founder and CEO of White Source. “If you don’t stay on top of open source updates, you risk missing critical security fixes that are most likely out there,” he added.

According to Gartner, 85% of commercial software projects use open source libraries. While the benefits of open source are clear to most developers, open source projects contain the same quality and security issues as any other software projects. Most open source communities are quick to fix issues in their code, but their users are notably slow to update to new versions.

An earlier White Source survey found that 85% of software projects contain out-of-date open source libraries.

“There is a clear disconnect between what is expected from development teams and what they can realistically do. They often lack the expertise and time to continually ensure compliance with open source licenses and monitor open source libraries for future security vulnerabilities and bugs. To properly manage open source for security and compliance, a lot of the adoption and ongoing management should be automated,” said Pini Cohen, EVP and Senior Analyst from STKI.

White Source, the leading provider of agile open source management solutions, has recently released a new SaaS solution that proactively alerts customers about security vulnerabilities in open source libraries. The solution also provides alerts for new versions of libraries and fixes for vulnerabilities and other software bugs.

“We match open source libraries with various repositories of vulnerabilities and with new versions made available by the respective open source communities,” said Sass. “We can provide pinpointed alerts because we always know the exact open source content of each of our customers’ projects,” he added.

The five most common security vulnerabilities among the White Source customers studied were:

CVE-2011-2730: This Spring Framework vulnerability lets remote attackers obtain sensitive information.

CVE-2012-0213: This Apache POI vulnerability lets remote attackers cause denial of service via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

CVE-2011-2894: This Spring-Security vulnerability lets remote attackers bypass intended security restrictions and execute untrusted code.

CVE-2009-2625: This Apache Xerces2 vulnerability lets remote attackers cause a denial of service (infinite loop and application hang).

CVE-2013-0248: This Commons-FileUpload vulnerability lets local users overwrite arbitrary files via an unspecified symlink attack.
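The two checks the article describes, matching a project's libraries against a vulnerability feed and against the newest released version, as an added illustration that is not White Source's product or code. The feed and project data below are constructed: the CVE ids are the ones named above, but the fixed-in versions, latest versions, severities and Maven coordinates are placeholders, not real advisory data.

```python
# Minimal dependency checker: flags libraries below the first fixed release of a
# known CVE, and separately flags libraries that are simply behind the latest version.

def parse_version(v: str) -> tuple:
    """Turn '3.0.5' into (3, 0, 5) so '3.10' sorts after '3.9' (string compare would not)."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))

# coordinate -> [(cve_id, first_fixed_version, severity)]   (constructed placeholders)
VULN_FEED = {
    "org.springframework:spring-core": [("CVE-2011-2730", "3.0.6", "high")],
    "org.apache.poi:poi": [("CVE-2012-0213", "3.8", "medium")],
    "org.springframework.security:spring-security-core": [("CVE-2011-2894", "3.0.6", "high")],
    "xerces:xercesImpl": [("CVE-2009-2625", "2.10.0", "medium")],
    "commons-fileupload:commons-fileupload": [("CVE-2013-0248", "1.3", "medium")],
}
# coordinate -> latest released version   (constructed placeholders)
LATEST = {
    "org.springframework:spring-core": "3.2.5",
    "org.apache.poi:poi": "3.9",
    "org.springframework.security:spring-security-core": "3.1.4",
    "xerces:xercesImpl": "2.11.0",
    "commons-fileupload:commons-fileupload": "1.3",
}

def scan(dependencies):
    """dependencies: Maven-style 'group:artifact:version' strings.
    Returns (vulns, outdated): vulns is a list of (coordinate, cve, severity, fixed_in);
    outdated maps coordinate -> newer version available."""
    vulns, outdated = [], {}
    for dep in dependencies:
        coord, version = dep.rsplit(":", 1)
        current = parse_version(version)
        for cve, fixed_in, severity in VULN_FEED.get(coord, []):
            if current < parse_version(fixed_in):      # below first fixed release
                vulns.append((coord, cve, severity, fixed_in))
        latest = LATEST.get(coord)
        if latest and current < parse_version(latest):
            outdated[coord] = latest
    return vulns, outdated

# Constructed sample project: one vulnerable and outdated library, one outdated
# only, one current, and one internal library unknown to the feed.
SAMPLE_PROJECT = [
    "org.springframework:spring-core:3.0.5",
    "org.apache.poi:poi:3.8",
    "commons-fileupload:commons-fileupload:1.3",
    "com.example:internal-lib:1.0",
]

if __name__ == "__main__":
    found, stale = scan(SAMPLE_PROJECT)
    for coord, cve, sev, fix in found:
        print(f"{coord}: {cve} ({sev}), upgrade to >= {fix}")
    for coord, latest in stale.items():
        print(f"{coord}: newer version {latest} available")
```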

© Copyright 2014 EFY Enterprises Pvt. Ltd.