Last Year's Open Source - Tomorrow's Vulnerabilities
Nov 01, 2022
Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for shallow bugs and not ones that lie deeper? It turns out that security flaws in open source can be harder to find than we thought. Emil Wåreus, Head of R&D at Debricked, took it upon himself to look deeper into the community's performance. As the data scientist he is, he, of course, asked the data: how good is the open source community at finding vulnerabilities in a timely manner?

The thrill of the (vulnerability) hunt

Finding open source vulnerabilities is typically done by the maintainers of the open source project, users, auditors, or external secur