Published in News

Open sauce security starting to fail

09 June 2020



It is starting to look like the idea that open source software is more secure than proprietary software is coming unstuck.

RiskSense's "The Dark Reality of Open Source" report analysed the top 54 open source projects and found that the number of security vulnerabilities reported in these tools doubled in 2019, going from 421 bugs reported in 2018 to 968 last year.

The company found 2,694 bugs reported in popular open source projects between 2015 and March 2020. The report did not include projects like Linux, WordPress, Drupal, and other super-popular free tools, since these projects are closely monitored and their security bugs make the news, which ensures most of those issues get patched fairly quickly.

RiskSense instead looked at popular open source projects that are not as well known but are broadly adopted by the tech and software community. This included tools like Jenkins, MongoDB, Elasticsearch, Chef, GitLab, Spark, Puppet, and others.

The company said that one of the main problems it found during the study was that a large number of the security bugs it analysed had been reported to the National Vulnerability Database (NVD) many weeks after they had been publicly disclosed. On average it took around 54 days for bugs found in these 54 projects to be reported to the NVD, with PostgreSQL seeing reporting delays of up to eight months.

Last modified on 09 June 2020