Southfield, MI (PRWEB) May 01, 2017
Future Hosting, a VPS hosting and dedicated server hosting provider, has warned developers of the security risks of using unmaintained open source projects in web sites and applications. The warning follows a report from Black Duck Software, which showed how common it is for vulnerabilities to be introduced to applications via unmaintained open source projects (as reported in eWeek on April 21, 2017).
Future Hosting advises companies that use open source components to create policies for the selection and monitoring of open source projects. At a minimum, they should check that every open source component is actively maintained and that its developers are responsive to security-related bug reports.
1,000 applications were examined and an average of 27 vulnerabilities were found in each, many in unmaintained open source components or from open source projects that don’t patch security vulnerabilities quickly or at all.
“We depend on open source software and so do many of our clients. Open source is an important part of the online economy, but businesses should be cautious,” said Maulesh Patel, VP of Operations of Future Hosting. “It’s all too easy to include an open source library or module that provides useful functionality, but that isn’t compatible with modern security and privacy standards.”
Startups and developers depend on open source software. Without open source, developing for the web would be prohibitively expensive and time-consuming. But without careful vetting of open source software, companies may expose themselves and their users to critical vulnerabilities.
The recent discovery of critical vulnerabilities in the unmaintained Drupal References Module provides a pointed example of what happens when developers don’t check the status of open source projects. References was installed on over 100,000 sites, creating a far-reaching security risk that could have been avoided if Drupal users had spent a few minutes verifying the status of the project.
About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com