UPDATED 22:25 EDT / NOVEMBER 29 2016

Report: Open source opens security products to hacking

A new report from software vulnerability management and open source security solutions company Flexera Software LLC has found that a significant number of security products are included on a list of products with the most software vulnerabilities.

The report, Flexera’s “Vulnerability Update,” covers the Top 20 products with the most vulnerabilities in August, September and October 2016 and included 46 software products that totaled 2,162 vulnerabilities. Of the 46 apps that made it to the Top 20 list, 11 were security-related products from vendors including AlienVault, IBM, Juniper, McAfee, Palo Alto and Splunk.

“It is important for organizations to understand that there will always be software vulnerabilities, and there will always be hackers with malicious intent, working to exploit those vulnerabilities,” Flexera Software Director of Secunia Research Kasper Lindgaard said in a statement sent to SiliconANGLE. “The good news is that the vast majority of vulnerabilities have patches available on the day they are made public. This means that companies and individual PC users that implement a Software Vulnerability Management solution can minimize their risk of attack — and the consequences of stolen data.”

Many of the vulnerabilities found in the security products were due to the use of embedded open source components in the products themselves, security flaws that were noted by security firm Veracode Inc. in its annual “State of Software Security Report” released in October.

“The prevalent use of open-source components in software development is creating unmanaged, systemic risks across companies and industries,” Veracode Chief Marketing Officer Brian Fitzgerald told SiliconANGLE at the time. “Today, a cybercriminal can focus on a single vulnerability in one component to exploit millions of applications. Software components are used by every industry and for software of all kinds, and given our dependence on applications, the ease at which millions of applications can be breached has the potential to create havoc in our digital infrastructure and economy.”

The use of vulnerable open source code is widespread not only in security software but in general software and Internet of Things devices as well.

“Open source components constitute as much as 50 percent of the global code base,” Flexera Vice President of Product Management Jeff Luszcz noted. “And, as the Heartbleed open source vulnerability reminds us, vulnerable open source components built into software products can cause global disruption if they are not discovered and patched prior to delivering software products to customers. Every software and IoT producer must understand these risks, and leverage technology to automate open source component scanning, governance and vulnerability management.”

A full copy of the report can be obtained here.
