Most of the popular applications we use today are built on open-source libraries: free code repositories that give developers ready-made components for building applications. But how safe are those libraries? According to a recent report, not very.
Almost 70 percent of apps in common use were found to have flaws in an open-source library on the first scan. Out of all scanned applications, 97.4 percent were found to have an unfixed flaw in an external library.
Open-source code: Blessing or curse?
The research suggests that an application's attack surface is not limited to its own code. As developers create an application, they add open-source libraries that can contain vulnerabilities and that bring transitive dependencies with them, that is, libraries that in turn rely on code from other libraries. The final code can therefore end up depending on those other libraries as well. Managing vulnerabilities becomes increasingly difficult for libraries with several dependencies, because a single flaw in one library has the potential to cascade across the entire application.
The issue is more pronounced for open-source libraries because they are freely accessible to everyone, which makes it extremely difficult to monitor whether these libraries have been updated. As the complexity of applications increases and deadlines become tighter, developers have to resort to guesswork and hope that the code they are using is vulnerability-free.
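The following Python illustration is an added example, not taken from the report or the original article. It shows how a flaw in one library reaches an application through transitive dependencies; the package names, the dependency graph and the advisory set are all constructed for illustration.

```python
from collections import deque

# Constructed sample data: package -> packages it requires.
DEPS = {
    "shop-app": ["web-framework", "pdf-export"],
    "web-framework": ["template-engine", "http-client"],
    "pdf-export": ["image-codec"],
    "template-engine": ["string-utils"],
    "http-client": ["tls-wrapper", "string-utils"],
    "image-codec": [], "string-utils": [], "tls-wrapper": [],
}
# Constructed advisory set: libraries with a known, unfixed flaw.
VULNERABLE = {"string-utils", "image-codec"}

def vulnerable_paths(root, deps, vulnerable):
    """Breadth-first walk from root; return {flawed_pkg: shortest path to it}."""
    paths, seen, queue = {}, {root}, deque([[root]])
    while queue:
        path = queue.popleft()
        for dep in deps.get(path[-1], []):
            if dep in seen:          # also guards against dependency cycles
                continue
            seen.add(dep)
            if dep in vulnerable:
                paths[dep] = path + [dep]
            queue.append(path + [dep])
    return paths

def exposure_by_direct_dependency(root, deps, vulnerable):
    """For each library the app declares itself, list the flawed libraries it pulls in."""
    exposure = {}
    for direct in deps.get(root, []):
        found = set(vulnerable_paths(direct, deps, vulnerable))
        if direct in vulnerable:
            found.add(direct)
        exposure[direct] = sorted(found)
    return exposure

if __name__ == "__main__":
    for pkg, path in vulnerable_paths("shop-app", DEPS, VULNERABLE).items():
        kind = "direct" if len(path) == 2 else "transitive"
        print(f"{pkg} ({kind}): {' -> '.join(path)}")
    print(exposure_by_direct_dependency("shop-app", DEPS, VULNERABLE))
```

In this constructed graph neither flawed library is declared by the application itself; both arrive two or three levels down, which is why scanning only the declared dependencies misses them.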
Patch your applications regularly
What does it all mean for the end-user? The report concluded by stating that despite the revelation that 70% of apps in common use may have security flaws, it was not a cause for panic as 90% of vulnerabilities with published exploits could easily be fixed by a minor update or patch. While app developers are responsible for managing their code and ensuring vulnerability-free applications, most of the major developers usually release regular updates to patch detected problems.
For users, patching your favorite applications therefore becomes all the more important. Whether it's your phone or your laptop, ensure your operating system is updated to the latest version and install patches for all your applications as soon as they come out.
As an extension of the above point, it's also recommended to invest in a cybersecurity solution for your devices that keeps you aware of any vulnerabilities present in your system. Quick Heal's range of solutions is designed to keep you up to date with all your applications and nudge you to download patches to fix vulnerabilities that may exist in your system. Quick Heal Total Security offers a complete package when it comes to home security: Safe Banking ensures your financial data remains protected, Parental Controls let you manage your children's internet access, and features like Vulnerability Scan and Malware Detection keep your system up to date and running.