Report: Attacks based on open source vulnerabilities will rise 20 percent this year

As open source code becomes more prevalent in both commercial and home-grown applications, the number of attacks based on its vulnerabilities will increase by 20 percent this year, predicted Black Duck Software, which collects statistics about open source projects.

The number of commercial software projects that were composed of 50 percent or more of free, open source software went up from 3 percent in 2011 to 33 percent today, said Mike Pittenger, vice president of security strategy at Black Duck Software.

The average commercial application uses more than 100 open source components, he said, and two-thirds of commercial applications have code with known vulnerabilities in it.

Worst of all, there’s often no way for buyers to know what open source components are in the software they’re buying.
