After reviewing 300 million lines of code in 2007, Palamida, a vulnerability audit and software risk management company, says it’s identified the five vulnerabilities most frequently overlooked by users in their open source code.
The five are listed in alphabetical order. Palamida did not attempt to assign a frequency ranking to the five, CEO Mark Tolliver said. Also, the Palamida list reflects known vulnerabilities that have been aired and fixed by their parent projects but are still encountered in the user base, such as businesses and government agencies. The projects named are not frequent offenders when it comes to security vulnerabilities, but their code is so widely used that unpatched vulnerabilities show up in Palamida’s enterprise and nonprofit agency software scans. In all cases, a patch is available to fix the vulnerability.
Open source code is “not any more vulnerable than commercial software” and in some cases, less so, said Tolliver. Open source projects tend to acknowledge their vulnerabilities and fix them promptly, he added.
The company conducts audits on enterprise software, spotting uses of open source and identifying origins of code. It both sells products to conduct audits and offers audit services and risk management consulting.