As reported by Converged Infrastructure, a joint study by the firms Sonatype and Aspect Security has opened a debate by asserting that most large companies in the Fortune 500 use applications built on open-source components (libraries and frameworks) with security holes.
The report, based on a survey of 2,550 developers, software architects and analysts, argues that open source “overlooks the shortcomings of ecosystems”, mainly because there is no alerting mechanism that notifies developers about vulnerabilities in the components they use or about the new versions that fix them. “80% of the code in today's applications comes from libraries and frameworks. The risk posed by the vulnerabilities in these components is largely ignored and underestimated”, the authors point out.
The report states, for example, that there have been 46 million downloads of insecure versions of the most popular open-source libraries and frameworks, such as Google Web Toolkit, Spring MVC, Struts 1.x and Hibernate. Struts 2, which was downloaded over a million times by 18,000 companies, contains a critical vulnerability. A download count measures distribution, not exposure: it does not say how many of those copies reached production or exercise the vulnerable code path.
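The alerting mechanism the report says is missing is, in practice, a software composition analysis check: read the project's declared dependencies and match them against an advisory feed. The Python below is an added illustration of that check for a Maven pom.xml; it is not code from the study, from Sonatype or from Aspect Security. The sample POM and the advisory entries, including their IDs and "fixed_in" versions, are constructed for the demo and describe no real vulnerability, and `parse_dependencies` and `audit` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml for the demo; not taken from the page or any real project.
# struts2-core's version goes through a Maven property, and hibernate-core has no
# version at all (typical when a parent POM or BOM manages it).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>demo-app</artifactId>
  <version>1.0</version>
  <properties>
    <struts.version>2.3.14</struts.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>4.3.30.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.hibernate</groupId>
      <artifactId>hibernate-core</artifactId>
    </dependency>
  </dependencies>
</project>
"""

# Constructed advisory feed. The IDs and "fixed_in" bounds are invented for the
# demo and describe no real advisory; a real tool would pull these from a
# vulnerability database keyed by Maven coordinates.
ADVISORIES = [
    {"id": "ADV-DEMO-001", "group": "org.apache.struts",
     "artifact": "struts2-core", "fixed_in": "2.3.20", "severity": "critical"},
    {"id": "ADV-DEMO-002", "group": "org.springframework",
     "artifact": "spring-webmvc", "fixed_in": "4.3.30", "severity": "high"},
]


def version_key(version):
    """Numeric comparison key: '4.3.30.RELEASE' -> (4, 3, 30).
    Qualifiers ('.RELEASE', '-SNAPSHOT') are dropped, a simplification of
    Maven's full ordering rules (a SNAPSHOT sorts before its release)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def _local(tag):
    """Strip the POM namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_dependencies(pom_xml):
    """Return (groupId, artifactId, version) triples for the direct dependencies,
    resolving ${property} references declared in <properties> and ${project.version}.
    A version that cannot be resolved from this POM alone is returned as None."""
    root = ET.fromstring(pom_xml)
    props = {}
    dependencies = []
    for child in root:
        name = _local(child.tag)
        if name == "version":
            props["project.version"] = (child.text or "").strip()
        elif name == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in child})
        elif name == "dependencies":
            dependencies = list(child)
    triples = []
    for dep in dependencies:
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        version = fields.get("version")
        if version:
            version = re.sub(r"\$\{([^}]+)\}",
                             lambda m: props.get(m.group(1), m.group(0)), version)
            if "${" in version:  # property not declared in this POM
                version = None
        triples.append((fields.get("groupId"), fields.get("artifactId"), version))
    return triples


def audit(pom_xml, advisories):
    """Match each dependency against the advisory feed. A dependency whose version
    is not visible in this POM is reported as 'unresolved' rather than silently
    passed: the effective POM has to be checked before calling it clean."""
    findings = []
    for group, artifact, version in parse_dependencies(pom_xml):
        coordinate = f"{group}:{artifact}"
        if version is None:
            findings.append({"coordinate": coordinate, "version": None,
                             "status": "unresolved"})
            continue
        for adv in advisories:
            if (adv["group"], adv["artifact"]) != (group, artifact):
                continue
            if version_key(version) < version_key(adv["fixed_in"]):
                findings.append({"coordinate": coordinate, "version": version,
                                 "status": "vulnerable", "advisory": adv["id"],
                                 "severity": adv["severity"],
                                 "fixed_in": adv["fixed_in"]})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_POM, ADVISORIES):
        print(finding)
```

Two details matter more than the matching itself. A version managed by a parent POM or a BOM is not visible in the file, so it must be reported as unresolved rather than passed; and Maven's version ordering is richer than the numeric key used here, so a production tool should compare with a proper Maven version comparator instead.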
However, there are many arguments against the study's conclusions, as the original story at Converged Infrastructure shows.