An extensive analysis and report headlining the Linux Foundation website delve into the structural and security complexities presented by open source software. The study identifies the free and open source applications most commonly used in the enterprise and their potential attack vectors. It highlights a number of frequently used Node.js and Maven packages, identifies their potential vulnerabilities, and offers a plan to remedy the potential security risks.
The Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern-day supply chain, where open source is pervasive but not always understood.
The full report is available here: ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.