1st April 2012
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Repositories offer up vulnerable libraries says report

From http://h-online.com/-1498138

Quote:
A report by Aspect Security and Sonatype analysed 113 million downloads of 31 popular open source Java frameworks and security libraries and found that, of those downloads, 26% of them had a known vulnerability. The report says that this highlights the fact that organisations don't have good procedures or tools for ensuring that the libraries they use when building applications are up to date. The study looked at 31 libraries which had 1,261 different versions of themselves held in the "Central Repository", a service for Apache Maven users run by Sonatype.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump