Open source components provide the building blocks for most of the technologies that we depend on, comprising between 60-80% of the code base for most modern applications available today. So when one of them is compromised with a reported known vulnerability, it can have a massive impact on a multitude of applications.
No matter how much time has passed, the story remains the same. Open source vulnerabilities are one of the biggest threats for organizations big and small. The major issue at hand is despite knowing about the different vulnerabilities and their available fixes, people aren’t taking the time to understand the open source software they are using. Plenty more are simply failing to patch the vulnerable components in their software.
In recent years as the rate of software development has exploded, the reach of vulnerabilities in popular open source projects have had a major impact on the the public at large. What is surprising though, is that even after having wrecked so much damage on the technology industry, so many of these vulnerabilities continue to haunt developers in many of the products that we know and love.
In late 2017 we highlighted some the major breaches that rocked the headlines over the past ten years. However this time around we are putting together the more well known open source vulnerabilities into the spotlight. Here are the top 5 open source vulnerabilities that shocked the open source community and could still be affecting us as we speak.
One of the most famous open source vulnerabilities till today, Heartbleed was brought to light in April of 2014. This vulnerability allowed attackers remarkable access to different kinds of sensitive information.
Heartbleed was caused by a flaw in OpenSSL, an open source code (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Zev Brodsky. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/zombies-top-5-open-source-vulnerabilities-that-refuse-to-die