Open source bugs infest enterprise apps

Enterprise apps suffer from an average of 24 bugs due to the use of open source and third-party software components, according to the security company Veracode.

An analysis of 5,300 apps by the firm showed that commonly used software components inserted during development were leading to the app vulnerabilities, exposing users to data breach, malware injection or distributed denial of service (DDoS) attacks.

Phil Neray, VP of enterprise security strategy at Veracode, said: "While the sheer number of vulnerabilities per application we found is surprising, what is truly alarming is that we also identified an average of eight ‘Very High Severity’ or ‘High Severity’ vulnerabilities per application caused by open source and third-party components.

"The data suggests that virtually all applications have at least one critical vulnerability caused by reusable components. This tells us we can significantly reduce enterprise risk by continuously auditing our customers’ application portfolios for the presence of risky components."

According to the Financial Services Information Sharing and Analysis Center a majority of internal financial services software makes use of open source at some point, and industry analysts believe that by 2015 as much as 95% of IT groups will do likewise.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing