Rising Risks of Open-Source Vulnerabilities in Software Development

Severity: High (Score: 69.5)

Sources: Kaspersky

Summary

The use of open-source components in software development has led to a significant increase in vulnerabilities, affecting organizations of all sizes. Current data indicates that 65% of open-source vulnerabilities lack a severity score, complicating vulnerability management. The number of CVEs has doubled in the past five years, while those without severity scores have surged by 37 times. Vulnerabilities are often identified faster than they can be remediated, and malware is increasingly found in popular open-source components. Organizations must implement comprehensive security measures, including improved vulnerability prioritization and collaboration between IT and security teams. The growing complexity of software development and regulatory pressures necessitate a proactive approach to managing open-source risks. Transparency in software supply chains is becoming essential for compliance and security.

Key Points

  • 65% of open-source vulnerabilities lack a severity score, complicating risk management.
  • The number of CVEs has doubled in five years, with unscored vulnerabilities increasing 37-fold.
  • Organizations must enhance vulnerability management processes to address open-source risks.

Key Entities

  • Phishing (attack_type)
  • Supply Chain Attack (attack_type)
  • Worm (attack_type)
  • Shai-hulud (malware)
  • GitHub (platform)
  • Maven Central (platform)
  • PyPI (platform)
  • Windows (platform)
  • Npm (tool)
  • Log4Shell (vulnerability)