Read the original article: Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed. Additional findings Security vulnerabilities can impact software directly or through its dependencies. After examining a year-worth of data collected through its dependency graph, the … More
The post Open source vulnerabilities go undetected for over four years appeared first on Help Net Security.