Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

This year's Equifax breach was a reminder that open source software and components, despite their many benefits, pose a giant risk to enterprise security, especially when they are not properly maintained.

In April, researchers at Flashpoint Intelligence said criminals were using brute-force password attacks against the popular open source Magento ecommerce platform, leveraging the compromised access to scrape credit card records and install malware focused on cryptocurrency mining.

The researchers discovered at least 1,000 compromised Magento admin panels and said interest in the platform on the deep web and dark web has continued unabated since 2016. There is also noted interest in Powerfront CMS and OpenCart.

Open source code has grown in popularity over the years and is used by companies of all sizes, in all industry verticals.

Aside from the widely known open source operating systems on the market, enterprise users also leverage open source productivity software, tools for administrators and developers, and various code libraries used to build their own software. Even commercial software is typically built on a foundation of open source code.
