Most security vulnerabilities take years to see the light of day

Many security vulnerabilities take a seriously long time to be fully disclosed, putting businesses and users alike at risk of further attack, new research has revealed.

With over 56 million developers, GitHub is the world’s largest platform for open source developers, and as part of its annual Octoverse survey, the platform discovered that a vulnerability usually goes undetected for about 218 weeks.

That’s just over four years, and while it might sound like a lot, GitHub points to the RAND report on zero-day vulnerabilities, which found that exploits surviving for five years before being publicly discovered and disclosed were not unheard of.

The open source community is better placed, as GitHub found that over 80% of the CVEs it sends alerts for “are due to mistakes rather than malicious intent.” Even then, the GitHub report points out that once a vulnerability has been identified, it doesn’t take long for the community to release a fix.

Securing the supply chain

GitHub has been very vocal about securing the open source supply chain, noting that, “94% of projects rely on open source components, with nearly 700 dependencies...so when there’s a problem with security in the supply chain, you see a massive ripple effect.” 

The platform has launched security scanning tools and is also part of a new industry-wide collective to help mitigate security risks that are inherent to the open source style of development.

It reaffirms its position in the Octoverse report, saying that the security findings “highlights the opportunities to improve vulnerability detection in the security community. The key is to leverage automated alerting and patching tools to secure your software quickly.”
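The report does not name a specific tool, so as an added illustration (not from the article or from GitHub's report) here is what “automated alerting and patching” looks like in practice for a repository hosted on GitHub: a `.github/dependabot.yml` file that tells GitHub's Dependabot service to check a project's dependency manifests on a schedule and open pull requests for outdated or vulnerable packages. The choice of ecosystems, directories and schedule below is a constructed example for a hypothetical project; adjust them to the manifests your repository actually contains.

```yaml
# .github/dependabot.yml (constructed example for a hypothetical project)
# Dependabot reads this file and opens pull requests that bump dependencies,
# including security updates for packages with known advisories.
version: 2
updates:
  # Application dependencies declared in package.json / package-lock.json
  - package-ecosystem: "npm"
    directory: "/"                 # location of the manifest relative to repo root
    schedule:
      interval: "weekly"           # check for updates once a week
      day: "monday"
    open-pull-requests-limit: 10   # cap on concurrent update PRs
    labels:
      - "dependencies"

  # Python dependencies for a service living in a subdirectory
  - package-ecosystem: "pip"
    directory: "/services/api"
    schedule:
      interval: "daily"            # tighter loop for the externally exposed service

  # Keep the CI pipeline's own actions current as well: the supply chain
  # includes build tooling, not just runtime libraries.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

The point of a file like this is to close the gap the article describes: rather than waiting for someone to notice a vulnerable dependency, the platform raises the alert and proposes the patch automatically, and the remaining work is reviewing and merging the pull request.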

Octoverse is the annual survey that GitHub conducts among its large cache of projects and developers in a bid to get the pulse of the community. In addition to security, the report also looks into developer productivity, and how collaboration and development patterns have changed in light of the global pandemic.

Date

02 Dec 2020
