According to the RiskSense report, the number
of OSS vulnerabilities increased from 421 CVEs in 2018 to 968 in 2019. The study also confirmed that it takes much
longer to report these vulnerabilities and add them to the National Vulnerability
Database (NVD). This delay creates a risk for companies that continue to use these
open-source resources.
The most CVEs were found in the Jenkins
automation server (646) and MySQL (624).
The most common types of weaknesses are XSS (Cross-Site
Scripting) and Input Validation, but many more types, such as Deserialization and
Error Handling, were reported as less common.