70% of Mobile, Desktop Apps Contain Open-Source Bugs

silversurfer

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library.

According to Veracode’s annual State of Software Security report, these open-source libraries – free, centralized code repositories that provide ready-made application “building blocks” for developers – are not only ubiquitous but also risky.

The analysis examined 351,000 external libraries in 85,000 applications, and found that open-source libraries are extremely, extremely common. For instance, most JavaScript applications contain hundreds of open-source libraries – some have more than 1,000 different libraries. In addition, most languages feature the same set of core libraries.

“JavaScript and PHP in particular have several core libraries that are in just about every application,” according to the report.

These libraries, like other software, have bugs. The issue is that thanks to code re-use, a single bug can affect hundreds of applications.

“Prominent in almost every application today, open-source libraries allow developers to move faster by quickly adding basic functionality,” according to Veracode. “In fact, it would be nearly impossible to innovate with software without these libraries. However, lack of awareness about where and how open source libraries are being used and their risk factors is a problematic practice.”
 

MonSpyder9

I don't understand why people think that open-source = secure. It's only secure if someone actually bothers to check through the code, but considering what happened with Brave recently, it's clear that very few people spend time looking at open sourced code on GitHub. With closed source apps someone is actually obligated to check everything - their paycheck depends on it. I'm not hating on free and open source stuff, I love freedom, but people should be realistic about this kind of stuff.
 
