Linux Today: Linux News On Internet Time.


Open Source Code Libraries Seen as Rife With Vulnerabilities

Mar 27, 2012, 19:01
By Ellen Messmer

"A study of how 31 popular open-source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted.

"The study was undertaken by Aspect Security, which evaluates software for vulnerabilities, with Sonatype, a firm that provides a Central Repository housing more than 300,000 libraries for downloading open-source components and gets 4 billion requests per year.

"'Increasingly over the past few years, applications are being constructed out of libraries,' says Jeff Williams, CEO of Aspect Security, referring to 'The Unfortunate Reality of Insecure Libraries' study. Open-source communities have done little to provide a clear way to spotlight code found to have vulnerabilities or identify how to remedy it when a fix is even made available, he says."
