'The Linux Foundation's Core Infrastructure Initiative (CII) and the
Laboratory for Innovation Science at Harvard (LISH) have revealed --
in "Vulnerabilities in the Core, a preliminary report and Census II of
open-source software" -- the most frequently used components and the
vulnerabilities they share. From a report:

This Census II analysis and report is the first major study of its
kind but isn't a final analysis. It takes important first steps and
lays out a methodology for understanding and addressing open-source
software structural and security complexities. Specifically, it also
identifies the most commonly used free and open-source software (FOSS)
components in production applications and examines them for potential
vulnerabilities. To create this work, CII and LISH partnered with
Software Composition Analysis (SCAs) and application security
companies such as Snyk and Synopsys Cybersecurity Research Center.
They combined private usage data with publicly available datasets for
identifying over 200 of the most used open-source software projects.

These are not the programs -- Apache, MySQL, Linux -- that probably
spring to your mind. For all their foundational importance, it's the
small building block programs that are most widely used. They may be
small, sometimes less than a hundred lines of code (LoC), but they're
vital. As Frank Nagle, a professor at Harvard Business School and
co-director of the Census II project, said: "FOSS was long seen as the
domain of hobbyists and tinkerers. However, it has now become an
integral component of the modern economy and is a fundamental building
block of everyday technologies like smart phones, cars, the Internet
of Things, and numerous pieces of critical infrastructure.
Understanding which components are most widely used and most
vulnerable will allow us to help ensure the continued health of the
ecosystem and the digital economy."'
-- source: https://news.slashdot.org/story/20/02/20/1349241
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174