When the vulnerabilities get tough, the tough get Going.
Google’s Go programming language has been rocketing up the ranks in popularity, fast becoming a favorite for developers and companies everywhere.
Released by the good folks at Google in 2012, Go has been declared the 7th fastest language by GitHub, and it cracked the IEEE Top Ten list in 2018, coming in at the number 5 spot.
Go is beloved for its ability to help developers work more productively on large-scale projects that require high-level networking and multiprocessing. Its general readability and usability, along the lines of Python, have also helped extend its reach beyond Google's suite of in-house products to the wider community. Netflix, Uber, and Cloudflare are just some of the organizations that use Go for building their products.
As more companies are using open source components written in Go in their code, it’s important that they stay secure when it comes to known vulnerabilities that impact those components. Since these components are often used in multiple projects, a single vulnerability in one component can be used to exploit a wide range of products if developers do not move quickly to remediate.
Go is a relatively new language on the scene, which means that it does not have the long history of vulnerabilities of, say, Java or C. However, as it has grown in popularity, there is now more code written in Go and therefore more vulnerabilities to watch out for.
In hopes of making working securely with Go a little easier, we have pulled together a list of the top vulnerabilities in Go that developers should look out for in their products.
CVSS v2 9.3, CVSS v3
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-go-vulnerabilities