Is hidden open source code putting your apps at risk?
Many companies are running software on their Web servers that contains open source code with known vulnerabilities, a security firm has found.
Software risk management solutions firm Palamida has expanded its Vulnerability Reporting Solution detection capabilities to include 431 open source security alerts. The alerts include 148 that are considered high-severity Common Vulnerabilities and Exposures (CVE) entries, ranging from cross-site scripting and buffer overflows to SQL injection.
In conjunction with the expanded detection capabilities, Palamida disclosed what it identified as the top five most overlooked open source security vulnerabilities found in enterprise audits during 2007. The top five are based on an analysis of more than 300 million lines of code across multiple verticals, including financial services, technology and government.
The most overlooked open source security vulnerabilities, according to Palamida researchers, occur in Apache Geronimo, JBoss Application Server, Libtiff, Net-SNMP and ZLIB. "The most popular projects appear in every test. This always surprises companies. There is from three to 10 times the use of open source code [in software enterprise uses] than companies realize," said Theresa Bui-Friday, cofounder of Palamida.