
Published: 2016/7/22 7:55:20

Open source code: a staggering number of neglected security vulnerabilities


IT News: Many companies are happy to use open source code because it costs little and works well. But precisely because it is so widely used, when open source code contains vulnerabilities, the likelihood that they end up in enterprise application software rises with it, and the resulting number of software vulnerabilities is staggering.

According to estimates by Sonatype, a source code hosting service company, 80% to 90% of enterprise application code actually consists of open source components imported directly from public code repositories, yet many companies rarely inspect this content. Sonatype analyzed more than 25,000 enterprise-class applications at 3,000 organizations and found that one of those companies downloaded more than 5,000 different open source components each year, and that the oldest components were the most likely to contain security vulnerabilities.

Reportedly, tracking down and fixing, one by one, the software vulnerabilities in use across companies today would cost a great deal of money, more than many companies could probably afford; but if these vulnerabilities lead to security incidents, the losses are just as hard to estimate.







