Open Source Code Libraries Seen as Rife With Vulnerabilities
Mar 27, 2012, 19:01
(Other stories by Ellen Messmer)
"A study of how 31 popular open-source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted.

"The study was undertaken by Aspect Security, which evaluates software for vulnerabilities, with Sonatype, a firm that provides a Central Repository housing more than 300,000 libraries for downloading open-source components and gets 4 billion requests per year.

"'Increasingly over the past few years, applications are being constructed out of libraries,' says Jeff Williams, CEO of Aspect Security, referring to 'The Unfortunate Reality of Insecure Libraries' study. Open-source communities have done little to provide a clear way to spotlight code found to have vulnerabilities or identify how to remedy it when a fix is even made available, he says."