App Development in PHP, Java, and Ruby Framework Remains Vulnerable, Says a New Report


Programmers need to pay more attention while coding in languages like PHP and Java, as a new report suggests their affinity for open source libraries makes their applications highly vulnerable.

According to a new study published by Veracode, at least 7 in 10 applications remain vulnerable to exploitation by cybercriminals because of the open source libraries they include. The findings are based on a close look at over 81,000 applications. According to the report, frameworks like PHP, Java, and Ruby remain more vulnerable, as applications built on them frequently inherit at least one flawed open-source library.


This report will concern many enterprises around the world. Open-source libraries have become a major source of innovative code for major companies. According to Red Hat’s State of Enterprise Open Source report, 99% of IT managers believed open source development was important for their enterprise. Moreover, even tech giants have not remained immune to the lure of open source development: in 2018, Microsoft acquired GitHub, the original home of open-source contribution, for $7.5 billion.

However, despite its major promise on the product development front, open-source app development remains a pressing security concern. According to Veracode’s report as published on darkreading.com, it is important for developers to take the potential vulnerabilities into account. According to the report, a PHP application pulls in as many as 34 open source components on average. While this may not seem like much, a larger share of those PHP libraries are vulnerable compared to JavaScript. JavaScript application development, on the other hand, leads to the import of 377 open source libraries on average, yet JavaScript applications embed a lower share of vulnerable libraries.

Chris Eng, chief research officer at Veracode, told darkreading.com that developers need to focus more on patching as well as approaching applications in a different way. He said that as frameworks like PHP and JavaScript differ in their security characteristics, developers need to keep this in mind to make their applications less susceptible to flaws. According to him, open-source software presents several challenges with its variety of security flaws. Moreover, he noted that the attack surface of many applications is surprisingly large for many developers. Additionally, open-source libraries bring their own dependencies, which is important to consider when selecting frameworks, along with their size and the prevalence of flaws in those ecosystems.


The report also offers some reassuring news. According to the report, the lack of patching, despite being the single biggest problem, can be easily fixed. In fact, over 90% of security flaws have easy fixes. The report also suggests enterprises apply these fixes immediately, as cybercriminals often exploit vulnerabilities in outdated systems. The report further highlights that frameworks with fewer transitive dependencies, like .NET and Swift, keep such flaws below 10% for applications. On the other hand, frameworks like Go, Python, and Java present a mixed bag of opportunities and challenges.

The message of the report is as clear as it gets. Open source may present tremendous potential; however, there are no free lunches when it comes to frameworks that rely on open source libraries.