Known Open Source Vulnerabilities In Reusable Software Components: The Golden Goose For Hackers That Keeps On Giving

Hackers love a good puzzle. Hacker culture is rooted in finding ways to improve on code and unravel challenges with innovative workarounds or alterations.

However, when it comes to the business of hacking a target, cyber criminals are all about finding the path of least resistance. As entry points like the network and endpoints have become increasingly hardened with stronger security, attackers continue to focus on the application layer as their preferred point of entry.

Applications are an enticing target for hackers since they act as the interface for accessing data in an organization’s backend, which can then be used for fraud or sold on the dark web.

According to the Global Risk Management Survey, 84% of attacks target the application layer, taking advantage of vulnerabilities that are built into the code. This means that hackers do not have to go through the process of finding an employee who is willing to click on a phishing link. It is enough to know where to look for the vulnerability and then exploit it to make the breach.


Embracing Open Source Code Reuse For Better Efficiency

Open source components, which comprise between 60% and 80% of the code base in modern applications, are a favorite target for hackers because developers readily add them to their own code, gaining powerful features that they would otherwise have to write on their own. Reusable software components help to speed up the development process, giving development teams the ability to meet tight deadlines.

However, these reusable components taken from open source projects can also be risky if they are not managed properly, which includes developers checking that they do not have any known vulnerabilities. When vulnerabilities are discovered by security researchers in the open source community, they (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner.

Gabriel Avner


Gabriel is a former journalist who loves learning and writing about the cat and mouse game of security. These days he writes for WhiteSource about the issues impacting open source security and license management and trains in Brazilian Jiu-Jitsu.
