Assessing the use of vulnerable open components in commercial software

Osterman Research has published the results of a review of the use of open source components with unpatched vulnerabilities in proprietary commercial off-the-shelf (COTS) software. The study examined five categories of applications - web browsers, email clients, file sharing programs, instant messengers and online meeting platforms.

The results were disastrous - every application examined was found to include open source components with unpatched vulnerabilities, and in 85% of the applications at least one of those vulnerabilities was critical. Most of the problems were found in online meeting applications and email clients.

Across all the open source components discovered, 30% had at least one known but unpatched vulnerability. Most of the identified problems (75.8%) stemmed from outdated versions of the Firefox engine; openssl was in second place (9.6%) and libav in third (8.3%).
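The figures above are the kind of output a software composition check produces: an inventory of bundled components per application, matched against advisories, then aggregated into "share of components with an unpatched vulnerability" and "share of applications with a critical finding". The following is an added illustration of that aggregation, not code from the Osterman report or from opennet.ru. The application inventory, the component names and the advisory list are constructed sample data, and the advisory identifiers are placeholders rather than real CVE numbers.

```python
"""Toy software-composition check: match a per-application component
inventory against an advisory list and compute the report-style metrics.
Added example with constructed data; advisory ids are placeholders."""
from collections import Counter
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Split '1.1.1g' into ((1,''), (1,''), (1,'g')) so that tuple ordering
    compares numeric parts first and a letter suffix (OpenSSL-style) last."""
    parts = []
    for piece in v.split("."):
        i = 0
        while i < len(piece) and piece[i].isdigit():
            i += 1
        parts.append((int(piece[:i]) if i else 0, piece[i:]))
    return tuple(parts)


@dataclass(frozen=True)
class Advisory:
    component: str   # component the advisory applies to
    fixed_in: str    # first version that carries the fix
    severity: str    # "critical", "high", ...
    advisory_id: str # placeholder identifier, not a real CVE


@dataclass(frozen=True)
class Component:
    name: str
    version: str


# Constructed advisory list (placeholder ids, assumed fixed versions).
ADVISORIES = [
    Advisory("firefox-engine", "78.0", "critical", "ADV-PLACEHOLDER-1"),
    Advisory("openssl", "1.1.1g", "high", "ADV-PLACEHOLDER-2"),
    Advisory("libav", "12.3", "critical", "ADV-PLACEHOLDER-3"),
]

# Constructed inventory: application name -> bundled components.
SAMPLE_APPS = {
    "mailer-A": [Component("firefox-engine", "68.0"), Component("openssl", "1.1.1k")],
    "meeting-B": [Component("libav", "12.1"), Component("openssl", "1.1.1d")],
    "browser-C": [Component("firefox-engine", "79.0"), Component("libav", "12.3")],
    "chat-D": [Component("openssl", "1.0.2u"), Component("zlib", "1.2.11")],
}


def is_affected(comp: Component, adv: Advisory) -> bool:
    """A component is affected when it matches the advisory and is older than the fix."""
    return comp.name == adv.component and parse_version(comp.version) < parse_version(adv.fixed_in)


def findings_for(components, advisories=ADVISORIES):
    """Return (component, advisory) pairs for every unpatched advisory found."""
    return [(c, a) for c in components for a in advisories if is_affected(c, a)]


def summarize(apps, advisories=ADVISORIES) -> dict:
    """Aggregate per-application findings into the report-style metrics."""
    total_components = 0
    vulnerable_components = 0
    apps_unpatched = 0
    apps_critical = 0
    findings_by_component = Counter()
    for components in apps.values():
        total_components += len(components)
        findings = findings_for(components, advisories)
        affected = {c for c, _ in findings}
        vulnerable_components += len(affected)
        if findings:
            apps_unpatched += 1
        if any(a.severity == "critical" for _, a in findings):
            apps_critical += 1
        findings_by_component.update(c.name for c, _ in findings)
    total_findings = sum(findings_by_component.values())
    return {
        "apps_total": len(apps),
        "apps_with_unpatched": apps_unpatched,
        "apps_with_critical": apps_critical,
        "components_total": total_components,
        "components_vulnerable": vulnerable_components,
        "share_vulnerable_components": vulnerable_components / total_components if total_components else 0.0,
        # share of all findings attributed to each component, like the 75.8% Firefox figure
        "finding_share_by_component": {
            name: n / total_findings for name, n in findings_by_component.items()
        },
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_APPS).items():
        print(f"{key}: {value}")
```

The version comparison is deliberately minimal: it handles dotted numeric parts and a trailing letter suffix, which is enough for the constructed data but not for every real versioning scheme (epochs, pre-release tags), so a production check would use a proper version library and a maintained advisory feed.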


The report does not state how many applications were examined or which products they were. However, the text mentions that critical problems were identified in all applications except three; together with the 85% figure, that implies the conclusions rest on an analysis of 20 applications, which cannot be considered a representative sample. Recall that a similar study conducted in June concluded that 79% of third-party libraries embedded in code are never updated, and that outdated library code causes security problems.

Source: opennet.ru
