In the midst of some major security issues, a new report has emerged that predicts a 20 percent increase in the number of attacks on open source vulnerabilities in 2017.
Security company Black Duck has published the forecast. The company analysed data from the last six years, and the report highlights some interesting facts.
Black Duck Software reports that commercial software projects use 50 percent or more free, open source components. The average commercial application that is widely used by professionals consists of more than 100 open source components. Furthermore, two-thirds of commonly used commercial applications are found to contain some known vulnerability.
According to the report, most manufacturers of licensed commercial software do not provide a list of all components. Licensed software is also often a company's proprietary technology, which makes it difficult for developers to scan the code for vulnerabilities.
Mike Pittenger, vice president of security strategy at Black Duck Software, says that scanning a binary without the vendor's permission could be a violation of its license agreement. Therefore, customers often turn to third-party sources such as Black Duck.
Open source-backed technologies such as artificial intelligence (AI) and the Internet of Things (IoT) are highly vulnerable nowadays. The growth of attacks on IoT devices was quite significant last year. What happened with the Mirai botnet was out of control. According to Pittenger, even new code might contain some old and known vulnerabilities.
In addition to the botnet, the Heartbleed bug discovered in the OpenSSL library in 2014 was big news. Still, 10 percent of the total open source application base is found to have the infamous bug.