2020 is speeding up, and we all are locked down in our homes for now.
Well, in a few months COVID-19 will disappear, but the issue of open source security vulnerabilities will be as relevant as ever.
So what better time to learn about the vulnerabilities that you, as an Open Source Manager, might have to deal with once you're back to your job of managing security!
Why do we see a surge in Open source vulnerabilities?
To put it in simple terms, the open-source community has witnessed a massive growth in the past few years. People are now more aware of open-source security and are widely adopting open source components as well.
What’s the nature of vulnerabilities?
The most common types of security vulnerabilities are cross-site scripting (XSS) flaws, followed by improper input validation vulnerabilities and buffer errors.
Here's a list of the top 10 developer security vulnerabilities:
- Out-of-bound read (CWE-125)
- Use After Free (CWE-416)
- Cross-site Request Forgery (CSRF) (CWE-352)
- NULL Pointer Dereference (CWE-476)
- Information Exposure (CWE-200)
- SQL Injection (CWE-89)
- Uncontrolled Resource Consumption (CWE-400)
- Buffer Errors (CWE-119)
- Improper Input Validation (CWE-20)
- Cross-site scripting (XSS) (CWE-79)
It's critical to note that SQL injection (CWE-89) has re-emerged in the top list of vulnerabilities this year, even though it had not appeared in the high-severity issue lists since 2015.
Experts suggest that the reason it has re-emerged is the increase in the volume of open source web projects.
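To make two of the listed weaknesses concrete, here is an added example (not code from the original post) showing the same user lookup written two ways against an in-memory SQLite table. The first version has the CWE-89 defect: the username is pasted into the SQL text, so quote characters in the input change the structure of the statement. The second version adds an allowlist check for the input (the CWE-20 mitigation) and binds the value as a query parameter. The table, the rows and the function names are constructed for this demonstration.

```python
"""Added example (not from the original post): CWE-89 (SQL injection) and
CWE-20 (improper input validation) side by side, using an in-memory SQLite
table. All data and names here are constructed for the demo."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small constructed users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """CWE-89: the input is interpolated into the SQL text, so a value
    containing quotes is parsed as part of the statement, not as data."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


# CWE-20 mitigation: accept only the character set a username may contain.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Validate the input against an allowlist, then bind it as a parameter."""
    if not USERNAME_RE.fullmatch(username):
        # Reject rather than try to sanitise: anything else is not a username.
        raise ValueError("invalid username")
    # Parameter binding: the driver sends the value separately from the SQL
    # text, so it can never be parsed as part of the statement.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, "alice"))          # one row
    print(find_user_vulnerable(db, "x' OR '1'='1"))   # every row: the defect
    print(find_user_safe(db, "alice"))                # one row
    try:
        find_user_safe(db, "x' OR '1'='1")
    except ValueError as exc:
        print("rejected:", exc)                       # input never reaches SQL
```

Running the block shows the point of the two mitigations: the vulnerable lookup returns both rows for an input it was never meant to match, while the safe lookup rejects the input before any SQL is executed, and would still be safe even if the regex were loosened, because the value is bound rather than interpolated.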
The above issues highlight that there exists a reason to be mindful while coding.
P.S. Don't forget to conduct software composition analysis to deal with open source vulnerabilities.
Learned a lot… And it was really very helpful.
Thanks buddy… keep posting.