EFY Times  
Wednesday, March 04, 2015
New White Source Study Sheds Light On Open Source Security Risks
Wednesday, November 27, 2013

A recent White Source study of 2,944 software projects with open source components found that 23% had security vulnerabilities. Meanwhile, only 1.3% of the open source libraries with vulnerabilities had been updated to the latest version. Ninety-three percent of the vulnerabilities in the affected open source libraries were of high or medium severity.
“Often, no one is assigned to continually monitor the open source for updates. In our study, 98.7% of the open source libraries with vulnerabilities were not updated. This presents considerable security and business risks for both vendor and customer when the product is shipped,” said Rami Sass, Co-Founder and CEO of White Source. “If you don’t stay on top of open source updates, you risk missing critical security fixes that are most likely out there,” he added.

According to Gartner, 85% of commercial software projects use open source libraries. While the benefits of open source are clear to most developers, open source projects contain the same quality and security issues as any other software project. Most open source communities are quick to fix issues in their code, but their users are notably slow to update to new versions.

An earlier White Source survey found that 85% of software projects contain out-of-date open source libraries.

“There is a clear disconnect between what is expected from development teams and what they can realistically do. They often lack the expertise and time to continually ensure compliance with open source licenses and monitor open source libraries for future security vulnerabilities and bugs. To properly manage open source for security and compliance, a lot of the adoption and ongoing management should be automated,” said Pini Cohen, EVP and Senior Analyst from STKI.

White Source, the leading provider of agile open source management solutions, has recently released a new SaaS solution that proactively alerts customers about security vulnerabilities in open source libraries. The solution also provides alerts for new versions of libraries and fixes for vulnerabilities and other software bugs.

“We match open source libraries with various repositories of vulnerabilities and with new versions made available by the respective open source communities,” said Sass. “We can provide pinpointed alerts because we always know the exact open source content of each of our customers’ projects,” he added.

The five most common security vulnerabilities found in the studied White Source customer projects were:

CVE-2011-2730: This Spring Framework vulnerability (double evaluation of Expression Language in JSP tags) lets remote attackers obtain sensitive information.

CVE-2012-0213: This Apache POI vulnerability lets remote attackers cause a denial of service via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

CVE-2011-2894: This Spring Framework / Spring Security vulnerability (deserialization of untrusted data) lets remote attackers bypass intended security restrictions and execute untrusted code.

CVE-2009-2625: This Apache Xerces2 vulnerability lets remote attackers cause a denial of service (infinite loop and application hang) via malformed XML input.

CVE-2013-0248: This Commons FileUpload vulnerability lets local users overwrite arbitrary files via a symlink attack against the library's default temporary directory.
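
The matching Sass describes, an exact inventory of open source components joined against a vulnerability feed and against the newest version each community has published, is straightforward to sketch. The script below is an added example written for this article; it is not White Source's product or code. The advisory feed, the latest-version feed and the dependency manifest are all constructed for the demonstration: the CVE ids are the five listed above, but the affected version bounds and "latest" versions are illustrative assumptions, so check the real advisories before relying on them. Version ordering follows a simplified Maven scheme (3.0.5.RELEASE equals 3.0.5, pre-release qualifiers sort below the release, other qualifiers such as SEC03 sort above it), which is what makes the boundary case of a dependency sitting exactly on the first fixed version come out right.

```python
# Added illustration for this article, not White Source's code.  The advisory
# feed, latest-version feed and manifest are CONSTRUCTED for the demo: the CVE
# ids are the article's five, but their version bounds here are assumptions.
import re
from dataclasses import dataclass
from typing import Optional, Tuple

PRE_RELEASE = ("alpha", "beta", "milestone", "m", "rc", "cr", "snapshot")
RELEASE_ALIASES = ("", "release", "ga", "final")  # Maven treats these as the bare release

def version_key(v: str):
    """Simplified Maven ordering: 3.0.5.RELEASE == 3.0.5 == 3.0.5.0, and
    3.0.5-RC1 < 3.0.5 < 3.0.5.SEC01 (pre-release below, other qualifiers above)."""
    m = re.match(r"^(\d+(?:\.\d+)*)(?:[.\-](.+))?$", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))                 # pad so 3.0 == 3.0.0
    qual = (m.group(2) or "").lower()
    if qual in RELEASE_ALIASES:
        return (tuple(nums), 0, "")
    return (tuple(nums), -1 if qual.startswith(PRE_RELEASE) else 1, qual)

@dataclass(frozen=True)
class Advisory:
    cve: str
    group: str
    artifact: str
    introduced: str   # first affected version, inclusive
    fixed: str        # first fixed version, exclusive (OSV-style range)

# CONSTRUCTED advisory feed; bounds are illustrative, consult the real advisories
ADVISORIES = (
    Advisory("CVE-2011-2730", "org.springframework", "spring-core", "3.0.0", "3.0.6"),
    Advisory("CVE-2011-2894", "org.springframework.security", "spring-security-core", "3.0.0", "3.0.6"),
    Advisory("CVE-2012-0213", "org.apache.poi", "poi", "0", "3.9"),
    Advisory("CVE-2009-2625", "xerces", "xercesImpl", "0", "2.10.0"),
    Advisory("CVE-2013-0248", "commons-fileupload", "commons-fileupload", "1.0", "1.3"),
)

# CONSTRUCTED "newest release" feed, as a community version index would supply
LATEST = {
    "org.springframework:spring-core": "3.2.5.RELEASE",
    "org.springframework.security:spring-security-core": "3.1.4.RELEASE",
    "org.apache.poi:poi": "3.9",
    "xerces:xercesImpl": "2.11.0",
    "commons-fileupload:commons-fileupload": "1.3",
    "com.google.guava:guava": "15.0",
}

@dataclass(frozen=True)
class Finding:
    coordinate: str
    version: str
    cves: Tuple[str, ...]
    latest: Optional[str]
    outdated: bool

def is_affected(adv: Advisory, version: str) -> bool:
    k = version_key(version)
    return version_key(adv.introduced) <= k < version_key(adv.fixed)

def scan(manifest: str, advisories=ADVISORIES, latest=LATEST):
    """Join every group:artifact:version line against both feeds."""
    findings = []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()         # drop trailing comments
        if not line:
            continue
        group, artifact, version = line.split(":")
        coord = f"{group}:{artifact}"
        cves = tuple(sorted(a.cve for a in advisories
                            if (a.group, a.artifact) == (group, artifact)
                            and is_affected(a, version)))
        newest = latest.get(coord)
        outdated = newest is not None and version_key(newest) > version_key(version)
        findings.append(Finding(coord, version, cves, newest, outdated))
    return findings

# CONSTRUCTED manifest in Gradle-style coordinates
SAMPLE_MANIFEST = """
org.springframework:spring-core:3.0.5.RELEASE
org.springframework.security:spring-security-core:3.0.6.RELEASE  # exactly the first fixed version
commons-fileupload:commons-fileupload:1.2.2
org.apache.poi:poi:3.8
xerces:xercesImpl:2.9.1
com.google.guava:guava:14.0.1   # no CVE in the feed, but stale
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_MANIFEST):
        print(f.coordinate, f.version, f.cves or "clean",
              f"update to {f.latest}" if f.outdated else "current")
```

The two feeds are deliberately separate: a library can be clean against every advisory and still be stale (the guava line), which is the 98.7% problem the study describes, while the spring-security-core line shows why the upper bound must be exclusive, since a project that has already moved to the first fixed release should not be flagged. In a real pipeline the manifest would come from the build tool's resolved dependency graph (transitive dependencies included) rather than a hand-written list, and the advisory ranges from an authoritative source.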

© Copyright 2015 EFY Enterprises Pvt. Ltd.
All rights reserved. Reproduction in whole or in part in any form or medium without written permission is prohibited.
Usage of the content from the web site is subject to Terms and Conditions