"Open-Source Security: This Is Why Bugs in Open-Source Software Have Hit a Record High"
The number of reported open-source vulnerabilities has risen significantly, driven by the growth in open-source software adoption and by studies aimed at uncovering security flaws. According to the security firm WhiteSource, researchers disclosed 2,000 more open-source vulnerabilities in 2019 than in 2018, a jump from 4,100 to 6,100. The increase appears to have been sparked by Google's disclosure of the widespread OpenSSL Heartbleed bug in 2014. The incident prompted the tech industry to pay more attention to open-source security, increasing efforts to find bugs. The most common types of open-source flaws reported by researchers in 2019 include cross-site scripting, buffer errors, information exposure, improper input validation, and out-of-bounds reads. This article continues to discuss the rise in the number of disclosed open-source software flaws, the tools used to find these bugs, the lack of awareness about bug fixes, and the most common types of vulnerabilities.