Open Source Vulnerabilities Take Four Years to Spot, Says GitHub

By Scott Ikeda for CPO Magazine
Tuesday, December 15, 2020

The GitHub Security Lab makes a number of suggestions for developers who use the platform. These include checking dependencies for open source vulnerabilities on a regular schedule, having the security team actively participate in the community by sharing search findings, implementing automated alert and patching tools, and maintaining a policy of applying patch remediations as soon as possible.

Ilia Kolochenko, Founder & CEO of ImmuniWeb, expanded on the importance of patching early and often in regards to open source vulnerabilities: “The root problem is not detection of previously unknown Open Source Software (OSS) vulnerabilities, but well-known and unpatched vulnerabilities. Virtually all industry reports and studies converge that a very small number, usually varying from 10% to 30%, of known OSS security vulnerabilities are ever patched. The rapid proliferation of containers exacerbates the problem, as outdated and vulnerable software transforms containers into a ticking time bomb … Today, cybercriminals don’t even bother to search for 0days: they have a myriad of vulnerable web systems accessible from the Internet. One can easily acquire fully automated exploits for them designed to compromise the flaw, backdoor the system and patch the vulnerability, to preclude “competitors” from getting in.”

Other strong suggestions related to the security of open source, drawn from previous GitHub data breach incidents, include: never including login credentials in any sort of code or comments, implementing appropriate access privileges on a user-by-user basis, and mandating the use of multi-factor authentication (MFA) for anyone with access to sensitive information.
