
Total vulnerabilities in OSS more than doubled in 2019, suggesting that while open-source code is often considered more secure than commercial software, OSS vulnerabilities are on the rise and may be a blind spot for many organizations.

The study also revealed that it takes a very long time for OSS vulnerabilities to be added to the National Vulnerability Database (NVD), averaging 54 days between public disclosure and inclusion in the NVD. This delay can cause organizations to remain exposed to serious application security risks for almost two months.

These very long lags were seen across all severities, including vulnerabilities rated as 'Critical' and those that were weaponized, i.e. those for which an exploit is already present in the wild.