[IPP] Fwd: [info] GitHub's report on open-source security

Ira McDonald blueroofmusic at gmail.com
Mon Dec 7 23:03:45 UTC 2020


*GitHub's report on open-source security*

Dec 4, 2020

GitHub has released its "2020 State of the Octoverse" report
<https://octoverse.github.com/>; one piece of that is a report on security
[PDF] <https://octoverse.github.com/static/2020-security-report.pdf>. There
are several interesting conclusions there, including that a surprising
number of security vulnerabilities are planted deliberately. "Analysis on a
random sample of 521 advisories from across our six ecosystems finds that 17%
of the advisories are related to explicitly malicious behavior such as
backdoor attempts. Of those 17%, the vast majority come from the npm
ecosystem. While 17% of malicious attacks will steal the spotlight in
security circles, vulnerabilities introduced by mistake can be just as
disruptive and are much more likely to impact popular projects. Out of all
the alerts GitHub sent developers notifying them of vulnerabilities in
their dependencies, only 0.2% were related to explicitly malicious
activity. That is, most vulnerabilities were simply those caused by
mistakes."

https://lwn.net/Articles/838965