GitHub's report on open-source security
"Analysis on a random sample of 521 advisories from across our six ecosystems finds that 17% of the advisories are related to explicitly malicious behavior such as backdoor attempts. Of those 17%, the vast majority come from the npm ecosystem. While 17% of malicious attacks will steal the spotlight in security circles, vulnerabilities introduced by mistake can be just as disruptive and are much more likely to impact popular projects. Out of all the alerts GitHub sent developers notifying them of vulnerabilities in their dependencies, only 0.2% were related to explicitly malicious activity. That is, most vulnerabilities were simply those caused by mistakes."
Posted Dec 5, 2020 21:13 UTC (Sat)
by alfille (subscriber, #1631)
Posted Dec 6, 2020 16:58 UTC (Sun)
by LtWorf (subscriber, #124958)
I think the stats should be separated by language to be more meaningful.
Plus 521 advisories is very small… their automation supposedly should do this job for all dependencies… why would they need to take a sample?
Posted Dec 7, 2020 12:15 UTC (Mon)
by xophos (subscriber, #75267)
Posted Jan 20, 2021 14:14 UTC (Wed)
by dmytrish (guest, #85653)