Top 5 Go Vulnerabilities That You Should Know

When the vulnerabilities get tough, the tough get Going.

Google’s Go programming language has been rocketing up the ranks in popularity, fast becoming a favorite for developers and companies everywhere. 

Released by the good folks at Google in 2012, Go has been declared the 7th fastest language by GitHub, and cracked into the IEEE Top Ten list in 2018 when it came in at the number 5 spot. 

Go is beloved for its ability to help developers work more productively on large-scale projects that require high-level networking and multiprocessing. Its general readability and usability, along the lines of Python, have also helped extend its reach beyond Google’s suite of in-house products to the wider community. Netflix, Uber, and Cloudflare are just some of the organizations that use Go for building their products.

As more companies are using open source components written in Go in their code, it’s important that they stay secure when it comes to known vulnerabilities that impact those components. Since these components are often used in multiple projects, a single vulnerability in one component can be used to exploit a wide range of products if developers do not move quickly to remediate.

Go is a relatively new language on the scene, which means that it does not have the long history of vulnerabilities of, say, Java or C. However, as it has grown in popularity, there is now more code written in Go and therefore more vulnerabilities to watch out for. 

In hopes of making working securely with Go a little easier, we have pulled together a list of the top vulnerabilities in Go that developers should look out for in their products.

#1 CVE-2018-7187

CVSS v2 9.3, CVSS v3 (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-go-vulnerabilities

Gabriel Avner

Gabriel is a former journalist who loves learning and writing about the cat and mouse game of security. These days he writes for WhiteSource about the issues impacting open source security and license management, and trains in Brazilian Jiu-Jitsu.
