Addressing security issues with open source

Open source software has gradually become an irreplaceable source of components for the development of new applications and online services. The reason is simple. Having tested and ready-to-use libraries of basic supports for the most common services of interface, data management, communication, and so on greatly simplify the work of developers, allowing them to devote more time to what creates value and innovation. The use of open source components and libraries today unites both commercial and custom software to the point that, according to expert estimates, more than 50% of the application code in the four main ecosystems (Java, Javascript, Python, and .NET) is consisting of open source.

A choice that benefits the speed of release, standardization, and interoperability of what is developed but which, on the other hand, involves security risks. Applications and services created with the help of open source inherit the vulnerabilities present in the libraries used. Libraries that are widespread in applications become a profitable target for the creation of specific exploits by cybercrime. Last December, a serious vulnerability was discovered in Apache’s log4j library (a logging utility) that allowed for software injection attacks, which undermined many online services, with malware stealing data or taking over the system.

An incident similar to the one that occurred a few years ago with Hearthbleed, a bug in the support libraries for OpenSSL (the most popular network protocol for creating secure Web communication channels) that allowed attackers to breach encrypted information. All problems are solved with library updates but, according to data from Veracode’s State of Software Security Open Source Edition 2021, as many as 79% of applications in use are based on outdated open source libraries. Unresolved vulnerabilities remain a serious security threat, which becomes apparent when the company opens its network to smart working, the use of cloud applications, or digital integration with the supply chain. BinHexS has put in its portfolio services for the modernization of data centers, which include the management of all phases of projects: from design to security on cloud and hybrid infrastructures. BinHexS is also able to offer managed services, with service desks operating 24×7.