Custom software is often insecure because easily available ready-made components are used whose quality is not adequately controlled.
This is the finding of Sonatype, a company that maintains a repository infrastructure from which hundreds of thousands of open source Java components are downloaded. Last year, 240,757 components were downloaded from it by large software companies and financial institutions. Sonatype's study shows that more than 7.5 percent of them, around 15,000 components, contain known vulnerabilities, Computerworld reports.
Sonatype hosts the Central Repository but does not manage it and has no control over what goes in and out. According to Sonatype's research, many software developers also could not tell whether they were using components with a known vulnerability, because a proper inventory of the components in use is often lacking.
Sonatype analyzed, for 29 financial institutions and technology companies, the top 100 most downloaded components in 2014. This shows that they used on average 27 different versions of each component, from which it can be concluded that in many cases they use outdated and potentially vulnerable versions. In one case, developers at a financial institution had even downloaded 51 of the 58 available versions of the Spring Application Framework. According to Sonatype this is indicative of sloppy inventory tracking by software developers. The problem is not new, but it is growing because of the speed at which software has to be ready, Sonatype suggests.
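As an added illustration (not code from the article or from Sonatype), the following script shows the kind of component inventory check the study says is missing: it parses a constructed list of Maven coordinates resolved by an organisation's builds, counts how many distinct versions of each artifact are in use, and flags any in-use version that appears in a constructed, placeholder advisory list.

```python
"""Component inventory check (added example; input and advisory data are constructed)."""
from collections import defaultdict

# Constructed sample of resolved dependencies (groupId:artifactId:version)
# collected from several builds; the duplicates are intentional.
SAMPLE_INVENTORY = """
org.springframework:spring-core:3.0.5
org.springframework:spring-core:3.2.8
org.springframework:spring-core:4.1.4
org.springframework:spring-core:3.0.5
org.apache.commons:commons-collections4:4.0
commons-collections:commons-collections:3.2.1
commons-collections:commons-collections:3.2.1
"""

# Constructed advisory list: (group:artifact, affected version) -> placeholder note.
# A real check would consult an advisory database instead of this literal.
KNOWN_VULNERABLE = {
    ("org.springframework:spring-core", "3.0.5"): "PLACEHOLDER-ADVISORY-1",
    ("commons-collections:commons-collections", "3.2.1"): "PLACEHOLDER-ADVISORY-2",
}


def parse_inventory(text):
    """Return {group:artifact: {version: occurrences}}; malformed lines are skipped."""
    versions = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:  # only plain group:artifact:version is accepted here
            continue
        group, artifact, version = parts
        versions[f"{group}:{artifact}"][version] += 1
    return versions


def version_sprawl(inventory):
    """Distinct versions in use per artifact (the study's '27 versions on average' metric)."""
    return {key: len(vs) for key, vs in inventory.items()}


def vulnerable_components(inventory, advisories):
    """(artifact, version, note) for every in-use version with a known advisory."""
    return [(key, v, advisories[(key, v)])
            for key, vs in inventory.items() for v in vs if (key, v) in advisories]


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_INVENTORY)
    for key, n in sorted(version_sprawl(inv).items()):
        print(f"{key}: {n} version(s) in use")
    for key, v, note in vulnerable_components(inv, KNOWN_VULNERABLE):
        print(f"VULNERABLE {key}:{v} ({note})")
```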