Digital Infrastructure At Risk From Security Flaws In Java And Open Source

The widespread use of Java and open source software components is creating an unmanageable cyber security risk, according to analysis conducted by application security specialist Veracode.

Its report, based on code-level analysis of billions of lines of code across 300,000 assessments performed over the last 18 months, revealed that 97 percent of Java applications contained at least one component with a known cyber vulnerability.

The report found that a single flaw in one popular component can propagate to more than 80,000 other software components, which in turn could be used to build potentially millions of software programmes, spreading the flaw further and further.

Open source danger

While many champion open source development as a means to build software out of cutting-edge components and code that benefits from the combined expertise of a community of developers, the lack of security oversight can lead to cyber security holes spreading like wildfire.

“The prevalent use of open source components in software development is creating unmanaged, systemic risks across companies and industries,” said Brian Fitzgerald, CMO at Veracode.

“Today, a cybercriminal can focus on a single vulnerability in one component to exploit millions of applications. Software components are used by every industry and for software of all kinds, and given our dependence on applications, the ease with which millions of applications can be breached has the potential to create havoc in our digital infrastructure and economy.”

The report noted that 60 percent of applications failed basic security requirements on their first scan. However, it highlighted that the rise of DevOps is leading more companies to scan their software repeatedly and to integrate security processes into development itself, so that vulnerabilities are picked out without slowing down software creation.

Simply adhering to best practices when developing software can root out problems without abandoning open source use.

“The ability to frequently test applications is going to be crucial to the success of secure development initiatives at companies with continuous development and deployment models like those found in DevOps environments,” said Chris Wysopal, co-founder and CTO at Veracode. “Our platform data shows that more companies are starting to test applications multiple times throughout the development lifecycle.”
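The repeated, in-pipeline scanning described above amounts to checking each build's declared components against a list of known-vulnerable versions. The following is an added illustration of that check, not Veracode's tooling or anything from the report: it parses a Maven pom.xml, compares each dependency's version with the first fixed version in a small advisory list, and returns a pass/fail verdict a CI job can act on. The sample POM, the advisory entries and their `ADV-PLACEHOLDER-*` identifiers are constructed for the example, and the version comparison is a deliberate simplification (numeric segments only).

```python
"""Minimal software-composition check for a Maven manifest (added example).

Parses a pom.xml, extracts the declared dependencies and flags any whose
version is older than the first fixed version in a constructed advisory
list. Run on every commit, this is the kind of repeated scan the article
describes; the advisories, ids and POM below are all constructed samples.
"""
import re
import xml.etree.ElementTree as ET

# Constructed advisory feed with placeholder ids (not real CVEs). Each entry
# names a component and the first fixed version; earlier versions are affected.
ADVISORIES = {
    ("org.example", "demo-parser"): {"id": "ADV-PLACEHOLDER-001", "fixed_in": "2.4.1"},
    ("org.example", "demo-http"): {"id": "ADV-PLACEHOLDER-002", "fixed_in": "1.10.0"},
}

# Constructed pom.xml: one vulnerable, one patched and one unlisted dependency.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>app</artifactId>
  <version>1.0</version>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>demo-parser</artifactId>
      <version>2.3.0</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>demo-http</artifactId>
      <version>1.10.2</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>demo-logging</artifactId>
      <version>3.0.0</version>
    </dependency>
  </dependencies>
</project>
"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def parse_version(version):
    """'2.4.1' -> (2, 4, 1). Keeps only the leading numeric segments; a suffix
    such as '-SNAPSHOT' is dropped, which is a simplifying assumption."""
    nums = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        nums.append(int(match.group()))
    return tuple(nums)


def declared_dependencies(pom_text):
    """Return [(groupId, artifactId, version)] for each <dependency> in the POM."""
    root = ET.fromstring(pom_text)
    deps = []
    for dep in root.findall(".//m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", namespaces=NS)
        artifact = dep.findtext("m:artifactId", namespaces=NS)
        version = dep.findtext("m:version", namespaces=NS)
        if group and artifact and version:
            deps.append((group.strip(), artifact.strip(), version.strip()))
    return deps


def scan(pom_text, advisories=ADVISORIES):
    """One finding per dependency whose version precedes the advisory's fix."""
    findings = []
    for group, artifact, version in declared_dependencies(pom_text):
        adv = advisories.get((group, artifact))
        if adv and parse_version(version) < parse_version(adv["fixed_in"]):
            findings.append({
                "component": f"{group}:{artifact}:{version}",
                "advisory": adv["id"],
                "fixed_in": adv["fixed_in"],
            })
    return findings


def ci_gate(pom_text, advisories=ADVISORIES):
    """True if the build may proceed, i.e. no known-vulnerable component is declared."""
    return not scan(pom_text, advisories)


if __name__ == "__main__":
    for finding in scan(SAMPLE_POM):
        print(f"VULNERABLE {finding['component']} "
              f"({finding['advisory']}, fixed in {finding['fixed_in']})")
    # Non-zero exit fails the pipeline stage, which is the point of the gate.
    raise SystemExit(0 if ci_gate(SAMPLE_POM) else 1)
```

Run against the sample, the script flags `demo-parser` 2.3.0 (older than the 2.4.1 fix), passes `demo-http` 1.10.2 (already patched) and ignores `demo-logging` (no advisory), then exits non-zero so the build stops. A real deployment would replace the constructed advisory dictionary with a maintained vulnerability feed and resolve transitive dependencies as well as the ones declared directly.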

So serious is the problem of potential security flaws in open source that Linux Foundation executive director Jim Zemlin said it puts the golden age of open source at risk.


Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
