http://www.networkworld.com/news/2012/032612-open-source-vulnerabilities-257645.html

By Ellen Messmer, Network World, March 26, 2012

A study of how 31 popular open-source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted.

The study was undertaken by Aspect Security, which evaluates software for vulnerabilities, with Sonatype, a firm that provides a Central Repository housing more than 300,000 libraries for downloading open-source components and gets 4 billion requests per year.

"Increasingly over the past few years, applications are being constructed out of libraries," says Jeff Williams, CEO of Aspect Security, referring to "The Unfortunate Reality of Insecure Libraries" study. Open-source communities have done little to provide a clear way to spotlight code found to have vulnerabilities, or to identify how to remedy it when a fix is even made available, he says.

"There's no notification infrastructure at all," says Williams. "We want to shed light on this problem."

[...]

Received on Tue Mar 27 2012 - 00:07:18 PDT