News

4/21/2017
12:26 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail

The Hidden Dangers of Component Vulnerabilities

Dangerous flaws in open source components and dependencies lurk within most applications today.
2 of 8

Components Make Up A Huge Part Of Modern Software

Today's development practices continue to evolve toward the fast iterations of smaller builds. Developers are using approaches like microservices to chunk out monolithic applications into a sum of more rational and reusable mix-and-match elements.

In many instances those elements are open-source components. According to a study out this week from Black Duck  that examined data from more than 1,000 enterprise applications, 96% of applications scanned contained open-source components. Not only are they present in most software today, but they make up a large percentage of that software's code base. According to some estimates, 80% of the average application today is made up of these components.

Image Source: https://www.sonatype.com/2017survey

Components Make Up A Huge Part Of Modern Software

Today's development practices continue to evolve toward the fast iterations of smaller builds. Developers are using approaches like microservices to chunk out monolithic applications into a sum of more rational and reusable mix-and-match elements.

In many instances those elements are open-source components. According to a study out this week from Black Duck that examined data from more than 1,000 enterprise applications, 96% of applications scanned contained open-source components. Not only are they present in most software today, but they make up a large percentage of that software's code base. According to some estimates, 80% of the average application today is made up of these components.

Image Source: https://www.sonatype.com/2017survey

2 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
divyap806
50%
50%
divyap806,
User Rank: Apprentice
4/26/2017 | 3:04:03 AM
The Hidden Dangers of Component Vulnerabilities
It's a very large attack surface for applications today and one which has increased chances of security headaches.anyways nice article worth reading thanks for sharing brief info
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
6 CISO Resolutions for 2019
Ericka Chickowski, Contributing Writer, Dark Reading,  12/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: When Harry Met Sally
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7690
PUBLISHED: 2018-12-13
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVE-2018-7691
PUBLISHED: 2018-12-13
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVE-2018-8033
PUBLISHED: 2018-12-13
The OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitati...
CVE-2018-20127
PUBLISHED: 2018-12-13
An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.
CVE-2018-20128
PUBLISHED: 2018-12-13
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.