Last Thursday GitHub launched a new initiative called Security Lab.
It’s an effort that seeks to provide researchers, maintainers of open source projects, developers, and organizations with a common venue for collaborating on security.
Fausto Oliveira, principal security architect at Acceptto, shared with DARKReading that unpatched vulnerabilities in open source code present a major threat to organizations. “The adoption of open source components permits companies to have a faster turnaround for their software projects at a cheaper cost,” he says.
“The downside is that adversaries are often as well informed or even better informed than security researchers of security vulnerabilities that are present in code components. By having unpatched versions of open source components in production, an organization is offering a low-effort door into their infrastructure and services,” Oliveira says.