
About 50% of popular open source software development libraries contain vulnerabilities

Photo: TASS/Khirill Kukhmar

Every second popular open source software development library (the libraries from which developers take ready-made tools to create new products) contained a vulnerability in one of its versions, experts told Izvestia.

Open source software is a kind of lottery, said Evgeny Yanov, head of the audit and consulting department at F.A.C.C.T. Open source code gives attackers a chance to scrutinize it and find vulnerabilities they can exploit for misconduct, he said.

"For the average user, the danger is that vulnerabilities can be used to steal data and finances, infect devices with malware, or carry out other forms of attack. For example, if an application on a smartphone uses a vulnerable library, attackers can exploit it and gain full control over the user's data," said Oleg Ulanov, a security analysis expert at Infosecurity (Softline Group of Companies).

For developers, the risks are even greater: hackers can attack companies' infrastructure through them, which risks complete compromise of user data and disruption of business processes, up to loss of the business, he said. In addition, the exploitation of vulnerabilities by attackers leads to reputational losses, which will certainly affect the financial well-being of the company.

Anton Kutepov, head of IS community development at Positive Technologies, believes that the consequences of such vulnerabilities can range from minor to extremely serious, including data leaks. However, reputational risks are still an important aspect for developers who use open source libraries. If a vulnerability is discovered, the most important thing is to quickly update the version in use, he explained.

Microsoft, for example, has established a mechanism for promptly fixing such problems and has a program to reward researchers who report the vulnerabilities they find to the vendor, the expert added. In total, according to Kaspersky Lab, more than 12,000 vulnerable open-source solutions are known today.

Auditing the solutions in use is extremely important, added Oleg Ulanov of Infosecurity: checking the code of third-party and proprietary libraries for security helps to identify weaknesses in advance, so that they can be eliminated before use. For this purpose, third-party security analysis specialists can be engaged to provide a detailed report with recommendations, he added. Apart from this, it is important to regularly track vulnerabilities in the libraries in use and to update them, he added.

Read more in Izvestia's exclusive article:

You can't attack: half of software development libraries contain vulnerabilities
