Programmers need to pay more attention when coding in languages like PHP and Java, as a new report suggests that their reliance on open source libraries makes applications highly vulnerable
According to a new study published by Veracode, at least 7 in 10 applications remain vulnerable to exploitation by cybercriminals, thanks to the open source libraries they include. The findings are based on an analysis of over 81,000 applications. According to the report, applications written in languages such as PHP, Java and Ruby are more likely to be affected, as these ecosystems tend to pull in at least one flawed open source library.
This report will concern many enterprises around the world. Open source libraries have become a major building block of software development at large companies. According to Red Hat's State of Enterprise Open Source report, 99% of IT managers believed open source development was important to their enterprise. Even the tech giants have not remained immune to the lure of open source: in 2018, Microsoft acquired the code-hosting platform GitHub for $7.5 billion.
The report also offers some reassuring news. Although a lack of patching is the single biggest problem, it is also the easiest to fix: according to the report, over 90% of the security flaws have easy fixes, typically a library update. The report urges enterprises to apply these fixes promptly, because cybercriminals routinely exploit vulnerabilities in outdated components. The report also highlights that ecosystems with fewer transitive dependencies (libraries pulled in by other libraries rather than by the application itself), such as .NET and Swift, see such flaws in fewer than 10% of applications. Go, Python and Java, on the other hand, present a mixed bag of opportunities and challenges.
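To make the transitive-dependency point concrete, here is an added example, not code from the Veracode report or from this article: a small Python script that walks an application's dependency graph to its full transitive closure, matches every package and version against an advisory list, and reports whether each hit is a direct or a transitive dependency and whether the fix is a minor version bump. The dependency graph, the advisories, their version ranges and the EXAMPLE-2020-* identifiers are all constructed for illustration and do not refer to real packages or real CVEs.

```python
"""Find vulnerable transitive dependencies in a constructed dependency graph.

Added example (not from the Veracode report or the article). The graph,
the advisories and the advisory identifiers below are made up.
"""
from collections import deque
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """'1.2.10' -> (1, 2, 10); compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive upper bound)
    advisory_id: str  # constructed identifier, not a real CVE

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


# Constructed lockfile-style graph: "name@version" -> the "name@version" entries it depends on.
# The application declares only two direct dependencies; the rest arrive transitively.
DEPENDENCY_GRAPH = {
    "webapp@1.0.0": ["http-client@2.3.1", "template-engine@4.0.2"],
    "http-client@2.3.1": ["url-parser@1.4.0", "tls-helper@0.9.8"],
    "template-engine@4.0.2": ["html-escape@3.1.5"],
    "url-parser@1.4.0": ["charset@1.0.0"],
    "tls-helper@0.9.8": [],
    "html-escape@3.1.5": [],
    "charset@1.0.0": [],
}

# Constructed advisories (identifiers are made up).
ADVISORIES = [
    Advisory("url-parser", "1.0.0", "1.4.2", "EXAMPLE-2020-0001"),
    Advisory("html-escape", "3.0.0", "3.1.5", "EXAMPLE-2020-0002"),      # 3.1.5 is already fixed
    Advisory("template-engine", "4.0.0", "4.0.1", "EXAMPLE-2020-0003"),  # 4.0.2 is already fixed
]


def transitive_closure(graph: dict, root: str) -> dict:
    """Return {package@version: depth} for everything reachable from root.

    Breadth-first, so the recorded depth is the shortest path from the
    application (depth 1 = direct dependency, >1 = transitive).
    """
    depths = {}
    queue = deque((dep, 1) for dep in graph[root])
    while queue:
        node, depth = queue.popleft()
        if node in depths:
            continue
        depths[node] = depth
        queue.extend((child, depth + 1) for child in graph.get(node, []))
    return depths


def find_vulnerable(graph: dict, root: str, advisories: list) -> list:
    """Return (package@version, advisory_id, depth, fixed_in) for every affected node."""
    findings = []
    for node, depth in sorted(transitive_closure(graph, root).items()):
        name, version = node.rsplit("@", 1)
        for adv in advisories:
            if adv.package == name and adv.affects(version):
                findings.append((node, adv.advisory_id, depth, adv.fixed))
    return findings


def is_minor_update(current: str, fixed: str) -> bool:
    """True when the fixed version stays within the same major version."""
    return parse_version(current)[0] == parse_version(fixed)[0]


if __name__ == "__main__":
    for node, adv_id, depth, fixed in find_vulnerable(DEPENDENCY_GRAPH, "webapp@1.0.0", ADVISORIES):
        kind = "direct" if depth == 1 else f"transitive (depth {depth})"
        version = node.rsplit("@", 1)[1]
        bump = "minor" if is_minor_update(version, fixed) else "major"
        print(f"{node}: {adv_id}, {kind}, fix by upgrading to {fixed} ({bump} update)")
```

On this constructed graph the application's two direct dependencies are clean; the only finding is url-parser, two levels down, which http-client drags in and which a same-major upgrade to 1.4.2 would fix. That is exactly the pattern the report describes. For real projects, use the ecosystem's own auditor against a lockfile rather than a hand-written graph: pip-audit for Python, npm audit for JavaScript, bundler-audit for Ruby, govulncheck for Go, dotnet list package --vulnerable for .NET, and OWASP Dependency-Check over the output of mvn dependency:tree for Java.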
The message of the report is as clear as it gets. Open source presents tremendous potential, but there is no free lunch for applications that rely on open source libraries.