Security in Open Source Software Isn’t Automatic – but It Should Be

Over the past few years companies have been increasing their use of open source code to help them build more powerful applications faster.

Open source components cut down application development time by providing powerful features that developers do not have to write on their own, speeding up deployment of new releases. Forming the backbone of today's software, open source components now comprise between 60% and 80% of modern applications.

Open Source Libraries and Tools – a Liability to Security

Development teams can easily pull in open source libraries and tools, which are maintained and published by the open source community, from popular sources such as GitHub.

Along with the clear advantages for developers, using open source components is not without risk. Keeping your software products secure can be a challenge and requires the right tools to address the threats. In the case of open source components, as opposed to proprietary code written in-house by a company, the primary risk to products using open source software is known vulnerabilities. These are vulnerabilities that have been published online and are available for anyone to view and possibly use to exploit victims. The issue of using components with known vulnerabilities is probably already on your radar, having held a spot on OWASP's infamous Top 10 since 2013.

As third-party software, open source components can be used in thousands of products, and a vulnerability found in a single component can have an impact on a wide range of applications. Because open source components are maintained by the open source community, we depend on that community and the security researchers who examine its code to alert us to new vulnerabilities when they find them.
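The check that the "right tools" mentioned above perform is, at its core, a comparison of the versions a project pins against published advisories for the same components. The following Python script is an added example, not code from the original post or from SensorsTechForum: it reads a constructed `requirements.txt`-style manifest, matches each pinned version against a constructed advisory list (placeholder IDs, invented package names), and reports the components that fall inside an affected version range, including a component for which no fixed version has been published yet. The version comparison is deliberately simple (dot-separated integers); a real scanner would use a proper version-scheme parser such as the `packaging` library for PEP 440 or a semver parser.

```python
"""Minimal known-vulnerability check over a pinned dependency manifest.

Added example: the manifest, package names and advisory records below are
constructed for illustration and do not describe real packages or real
vulnerabilities.
"""

# Constructed sample manifest with pinned dependencies.
MANIFEST = """\
# application dependencies (constructed sample)
examplelib==1.4.2
parsekit==0.9.0
netutils==2.1.0
"""

# Constructed advisory records. A record affects `package` from version
# `introduced` (inclusive) up to `fixed` (exclusive); `fixed` is None when
# no patched release exists yet. IDs are placeholders, not real advisories.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "ADV-EXAMPLE-0002", "package": "parsekit", "introduced": "0.5.0", "fixed": "0.8.1"},
    {"id": "ADV-EXAMPLE-0003", "package": "netutils", "introduced": "2.0.0", "fixed": None},
]


def parse_version(version):
    """Turn '1.4.2' into (1, 4, 2) so tuples compare numerically.

    Simplification: only plain dot-separated integers are supported; real
    version schemes (pre-releases, epochs, build metadata) need a real parser.
    """
    return tuple(int(part) for part in version.strip().split("."))


def parse_manifest(text):
    """Return {package_name: pinned_version} from requirements-style lines.

    Blank lines and '#' comments are skipped. Only exact pins ('==') are
    accepted, because an unpinned or ranged requirement cannot be checked
    against an advisory without first resolving it to a concrete version.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"dependency is not pinned with '==': {line!r}")
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def is_affected(version, advisory):
    """True when `version` lies in [introduced, fixed) for this advisory."""
    v = parse_version(version)
    if v < parse_version(advisory["introduced"]):
        return False
    fixed = advisory["fixed"]
    # No fixed release published yet: every version from `introduced` on is affected.
    return fixed is None or v < parse_version(fixed)


def find_known_vulnerabilities(manifest_text, advisories):
    """Return (package, pinned_version, advisory_id, fixed_version) per match."""
    pins = parse_manifest(manifest_text)
    findings = []
    for advisory in advisories:
        pinned = pins.get(advisory["package"].lower())
        if pinned is not None and is_affected(pinned, advisory):
            findings.append((advisory["package"], pinned, advisory["id"], advisory["fixed"]))
    return findings


if __name__ == "__main__":
    for package, pinned, adv_id, fixed in find_known_vulnerabilities(MANIFEST, ADVISORIES):
        remedy = f"upgrade to >= {fixed}" if fixed else "no fixed release yet; mitigate or replace"
        print(f"{package}=={pinned}: affected by {adv_id} ({remedy})")
```

Run as-is, the script flags `examplelib` (pinned inside the affected range, fix available) and `netutils` (affected with no fix published), and leaves `parsekit` alone because its pin is already past the fixed version. The unpinned-dependency error is intentional: a manifest that does not pin exact versions cannot be checked reliably, which is one reason lock files matter for this kind of tooling.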

In seeking to keep others secure, these researchers will post their findings on (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by SensorsTechForum Guest Authors. Read the original post at: