images
figures
Blog

New Vulnerabilities in Open Source Packages Down 20% Compared to Last Year

Admin Globaldots
29.06.2020
image 1 Min read
Open Source & Code Security

New vulnerabilities in open source packages were down 20% compared to last year suggesting security of open source packages and containers are heading in a positive direction, according to Snyk.

Well known vulnerabilities, such as cross-site scripting, continue to be reported but aren’t impacting as many projects as they have in previous years. This is further encouraged as organizations start to drive a culture shift that embodies open source and container security as a core responsibility shared and integrated across development, security and operations teams.

This year the report took an even deeper look at vulnerability and ecosystem-level trends that impact the overall security posture of organizations relying on open source libraries.

Across the six popular ecosystems the report examined, there were fewer new vulnerabilities reported in 2019 than in 2018 – a promising finding – but there are still significant improvements to strive for with slightly less than two thirds of vulnerabilities still taking more than 20 days to remediate.

Read more: Help Net Security

Comments

0 comments

There’s more to see

slider item
Open Source & Code Security
Practicing Security in Open Source Communities
Guest Writer 31.05.21

Open source projects are the embodiment of the core philosophy: ‘free internet and technology for everyone around the globe’. They can be created, changed and distributed to anyone by anyone and for any purpose. Contributing to an open source projects is an endorsement of this philosophy, that promotes digital literacy in technological and non-technological communities. […]

Read more
slider item
Open Source & Code Security
SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm
Guest Writer

The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source […]

Read more
slider item
Supply-Chain Data Protection
RCE in Cdnjs and What It Means to You
Dror Arie 19.07.21

Last week, a researcher named RyotaK shared a clever supply chain vulnerability in Cloudflare’s highly popular hosted module called cdnjs, which runs on around 12% of all sites on the web. The module helps developers consume other popular packages and integrate them safely into their sites.  The vulnerability was in the cdnjs library update server […]

Read more

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Contact us
figure figure figure figure figure

Don’t Fortify. Amplify – Your Cloud Security Stack, Redefined.