Osterman Research has published the results of a study on the use of open source components with unpatched vulnerabilities in proprietary commercial off-the-shelf (COTS) software. The study examined five categories of applications: web browsers, mail clients, file-sharing programs, messengers and online meeting platforms.
The results were dismal: the use of open source code with vulnerabilities was found in every application studied, and in 85% of the applications the vulnerabilities were critical. The most problems were found in online meeting and email applications.
As for the open source code itself, at least one known but unpatched vulnerability was found in 30% of all the open source components discovered. Most of the identified problems (75.8%) were associated with the use of outdated versions of the Firefox engine. OpenSSL was in second place (9.6%) and libav in third (8.3%).
The report does not detail how many applications were studied or which products were investigated. However, the text mentions that critical problems were identified in all applications but three, i.e. the conclusions are based on an analysis of 20 applications, which cannot be considered a representative sample. Recall that a study in June concluded that 79% of embedded third-party code is never updated and that outdated library code becomes a cause of security problems.