State of Open Source Security 2017

Nov 29, 2017

Snyk has released its State of Open Source Security report, which focuses on three main areas: the Open Source landscape, the life cycle of a vulnerability detected in Open Source software, and the future of this type of software.

The data is based on a survey of 500 active users of open-source software, more than 40,000 projects, information from Red Hat, and GitHub repositories, packages, and records.

As for the Open Source panorama, the report highlights the following data from the last year:

- The number of Rubygems has increased by 10.3%.

- The number of Python libraries has grown by 32%.

- The number of Maven artifacts has risen by 28%.

- The number of npm packages has increased by 57%.

- The number of publicly available applications in Docker Hub is now 900,000, compared to 460,000 last year.

- Between the 1st of January and the 30th of September 2017, 6,300 million Python packages were downloaded.

On the life cycle of a vulnerability found in Open Source software, Snyk states that the average time from the introduction of a vulnerability to its discovery is 2.89 years and that 75% of vulnerabilities are not discovered by the code maintainers themselves. Among other figures, the report highlights an average time of 2.5 years from the inclusion of a vulnerability to its discovery, and an average of 16 days for a discovered vulnerability to be fixed.

Regarding the future of Open Source, the report states that it is expanding in a clear and unstoppable way, but that there is no awareness of the risks of not using or managing it correctly.

For more information, see the full report.
