Cybersecurity Today – Osterman Research Exposes Vulnerable Open-Source Software

Software is the backbone of nearly all digital processes today. You’re reading this with the help of embedded software on your device.

A white paper published by Osterman Research and sponsored by GrammaTech reveals numerous vulnerabilities in the open-source components embedded in commercial software.

Osterman Research Report

The software supply chain is under severe scrutiny, and for good reason: attention to the problem, and checks to ensure that the software an organisation ships or brings in is free of known vulnerabilities, are long overdue.

The findings in this research report reveal that readily available commercial software often contains open-source software components. Typically, the vendors of such software do not disclose which components they use, and that has become the industry norm.

No open-source software is risk-free. Many open-source components carry a range of known vulnerabilities that can serve as entry points for cyberattacks. Organisations' lack of awareness of the open-source components inside the commercial off-the-shelf software they run increases their security risk, widens their attack surface, and raises the potential for compromise by cybercriminals.

After rigorous testing, the report concluded that every application tested in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components that put enterprise organisations at risk of cyberattacks.

Key Takeaways of the Report

Key takeaways of this research are:

• The Meetings and Email Client Categories Are the Most Vulnerable
• Open-Source Components Widely Used
• Components with Critical Vulnerabilities Commonly Used
• Newer Versions of Components Aren’t Always More Secure

You can find more details of the report here.

To conclude, buying commercial off-the-shelf software applications is not a risk-free proposition. For a variety of reasons, vendors quietly incorporate open-source components into their applications, and those components are often vulnerable ones.

Entities should be put in place that test the software for vulnerabilities. A regulatory body could detect the presence of open-source components and identify the number and severity of the vulnerabilities in each component.
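The kind of check described above, as an added example that is not from the Osterman/GrammaTech report or from PureVPN: a small Python script that takes a component inventory in a CycloneDX-like shape, matches each component against an advisory table, and reports the count and worst severity per component. It also tests the report's fourth takeaway by asking whether a newer component version carries a worse finding than the older one. The component names, versions and advisory ids (`libexample-net`, `imgcodec`, `jsonparse`, `ADV-000x`) are all constructed placeholders.

```python
import json

# Constructed SBOM fragment (CycloneDX-like shape); not any real product's inventory.
SBOM_JSON = """{"components": [
  {"name": "libexample-net", "version": "1.4.2"},
  {"name": "imgcodec",       "version": "2.1.0"},
  {"name": "jsonparse",      "version": "3.0.1"}
]}"""

# Constructed advisory table: component -> [(advisory id, severity, affected versions)];
# the ids and versions are placeholders, not real CVEs.
ADVISORIES = {
    "libexample-net": [("ADV-0001", "high", {"1.4.0", "1.4.1", "1.4.2"})],
    "imgcodec": [
        ("ADV-0002", "medium", {"2.0.5"}),
        ("ADV-0003", "critical", {"2.1.0"}),  # the newer release carries the worse finding
    ],
}
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

def vulnerabilities_for(name, version):
    """Return [(advisory id, severity)] for advisories whose affected set contains this version."""
    return [(adv, sev) for adv, sev, affected in ADVISORIES.get(name, [])
            if version in affected]

def worst_severity(findings):
    """Highest severity label among the findings, or None when there are none."""
    return max((sev for _, sev in findings), key=SEVERITY_RANK.__getitem__, default=None)

def inventory_report(sbom_json):
    """Per component: version, number of known vulnerabilities, worst severity, advisory ids."""
    report = {}
    for comp in json.loads(sbom_json)["components"]:
        findings = vulnerabilities_for(comp["name"], comp["version"])
        report[comp["name"]] = {
            "version": comp["version"],
            "count": len(findings),
            "worst": worst_severity(findings),
            "advisories": sorted(adv for adv, _ in findings),
        }
    return report

def newer_is_worse(name, old_version, new_version):
    """True when the newer version has a higher worst severity than the older one."""
    old = worst_severity(vulnerabilities_for(name, old_version))
    new = worst_severity(vulnerabilities_for(name, new_version))
    return SEVERITY_RANK.get(new, 0) > SEVERITY_RANK.get(old, 0)

if __name__ == "__main__":
    print(json.dumps(inventory_report(SBOM_JSON), indent=1))
```

In a real inventory the advisory table would be fed from a vulnerability database and version matching would use ranges rather than exact sets; the structure of the check stays the same.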

June 20, 2023