Overview

Although open source projects have many advantages, one main disadvantage is that they might contain vulnerabilities that can directly affect their users.

The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the CVE (Common Vulnerabilities and Exposures) system and regularly publishes newly known open-source vulnerabilities, which potentially affect thousands of users.

In addition, WhiteSource uses a proprietary patent-pending algorithm that matches the specific component with its vulnerability, resulting in a database that contains more than 175,000 vulnerabilities. These are collected on a daily basis from the National Vulnerability Database (NVD) and other resources and repositories such as RubyOnRails, RetireJS, NodeSecurity and the GitHub issue tracker.

Vulnerability Types

There are two types of vulnerabilities:

...