Research reveals where 95% of open source vulnerabilities lie

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. Open source vulnerabilities As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies – open-source code packages that developers do not select, but are indirectly pulled into projects. This is the first report from Station 9, a research … More →

The post …

don't miss endor labs open source openssf report research software supply chain vulnerabilities vulnerability