Most open source software has security vulnerabilities

Audit highlights flaws in security across wide range of open source applications

Open Source

An audit of more than a thousand applications containing open source code has found that 60% of them have some kind of security vulnerability.

Open source security firm Black Duck analysed 1,017 applications for its 2017 Open Source Security and Risk Analysis (OSSRA), and found that 96% of the apps contained open source code and more than 60% of the apps contained open source security vulnerabilities. 

Advertisement - Article continues below

The survey also looked at applications used in the financial sector, discovering that, on average, they contained 52 open source vulnerabilities per application, with 60% of the applications containing high risk vulnerabilities. The retail and e-commerce industry had the highest proportion of applications with high-risk open source vulnerabilities, with 83% of audited applications containing high-risk vulnerabilities.

Black Duck CEO Lou Shipley called the findings an "eye opener" for security professionals, because the application layer is a primary target for hackers. "Exploits of open source vulnerabilities are the biggest application security risk that most companies have," he said.

Chris Fearon, director at Black Duck's open source security research group, COSRI's security research arm, said that while many are using open source, very few are doing an adequate job detecting, remediating and monitoring open source vulnerabilities in their applications.

Advertisement - Article continues below

"The COSRI analysis of the audits clearly demonstrates that organisations in every industry have a long way to go before they are effective in managing their open source," he said.

Advertisement - Article continues below

The report also showed that open source licence conflicts were also found to be widespread in the audited applications, with 85% of audited applications containing components with license conflicts. The most common challenges were general public license (GPL) GPL violations, with 75% of applications containing components under the GPL family of licenses, but only 45% of those applications in compliance with GPL obligations.

"Open source use is ubiquitous worldwide and recent research reports show that between 80% and 90% of the code in today's apps is open source. This isn't surprising because open source is valuable in lowering dev costs, accelerating innovation and speeding time to market. Our audits confirmed the universal use, but also revealed troubling levels of ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges," added Shipley.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


operating systems

Best Linux distros 2020

18 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020