Failings in open source disclosure put users at risk


There has been a 50% rise in open source vulnerabilities, according to a study from platform provider WhiteSource. According to the State of open source security vulnerabilities report, more than 55% of reported open source vulnerabilities in 2019 were classified as “high” or “critical” severity, which WhiteSource said affected IT teams’ ability to prioritise vulnerability remediation.

The study found that the number of disclosed open source software vulnerabilities in 2019 skyrocketed to exceed 6,000. The research, which uses the WhiteSource database, is based on reported vulnerabilities, combining vulnerability reports from the US National Vulnerability Database (NVD), security advisories, peer-reviewed vulnerability databases and open source issue trackers.