The state of security in open source


If you want to help grow awareness around securing open source software, take the State of Open Source Survey


Why is it important, you ask? Every year, numerous security vulnerabilities are reported across multiple ecosystems. Since 2017, this report has been a go-to aggregation point for security concerns across application libraries in PyPI, Go (aka Golang), npm, Maven Central, and PHP Packagist.


Analysis of last year's report shows rapid growth in reported vulnerabilities across all of these programming languages (Python, Go, Node.js, Java, PHP). As part of our research, we turn to the community to share their perspectives through our State of Open Source Security survey.

Vulnerabilities by Ecosystem graph from State of Open Source Security 2019 Report


When looking at vulnerabilities, we want to understand not only the sheer number but also the criticality of the vulnerabilities being discovered. We saw a somewhat encouraging trend: the mix of high and medium severity vulnerabilities reported shifted toward the less risky medium severity ones.

However, just as security posture seemed to be improving and the criticality of reported vulnerabilities falling, new attack vectors arise, as they always do. That is why the 2019 report started to look at some of the key trends in vulnerabilities around container images.


We looked at the known vulnerabilities in the system libraries within some of the most popular images on Docker Hub. We found that the average number of vulnerabilities per image was quite high, and that the Node.js libraries included in these images in particular tended to be significantly vulnerable. If there was a silver lining to be found in this, it was that 44% of the vulnerabilities could be fixed by ..
