Snyk Found Over Four Times More Vulnerabilities in RHEL, Debian, and Ubuntu

It's time to evaluate the state of open-source security.

By Liran Tal · May 13, 2019 · Security Zone · News

Snyk recently released its annual State of Open-Source Security Report for 2019, which highlights the current landscape of open-source security, as a whole, and clearly illustrates that vulnerabilities in container images are no exception.

The report showed results from data collected in a recent survey of more than 500 open-source developers and maintainers, data from public application registries, library datasets, GitHub repositories, and Snyk’s comprehensive vulnerability database continuously pulling in data from hundreds of thousands of projects monitored and protected by Snyk.

Known Vulnerabilities in System Libraries

System libraries are, of course, common artifacts in operating systems, which Docker images are built upon. With more system libraries and tools bundled in a Docker image, the risk of finding a security vulnerability in the image increases.

Snyk tracked the security disclosures made public for some of the most popular Linux distributions, based on data gathered from cvedetails. Snyk found that security vulnerabilities in Red Hat Enterprise Linux, Ubuntu, and Debian grew four-fold in 2018. That’s right, there’s no decimal place missing; it grew by almost three and a half times.

As the graph Snyk compiled shows, the number of new vulnerabilities discovered in each of these distributions is growing steeply.

Snyk’s breakdown of vulnerabilities by severity shows that 2017 and 2018 continue the trend of an increasing number of high and critical vulnerabilities being disclosed.

Known Vulnerabilities in Docker Images

Docker images almost always bring known vulnerabilities alongside their great value.

The findings show that in every Docker image scanned, Snyk was able to find vulnerable versions of system libraries. Each of the top ten most popular default Docker images contains at least 30 vulnerable system libraries, and the official Node.js image ships 580 vulnerable system libraries.


In Docker, the top ten images all carry dozens of vulnerable dependencies, greatly outnumbering the number of vulns found in the Dockerfile themselves. However, fixing these vulnerabilities can be a task this is easy to execute. Out of 44 percent of scanned docker images, Snyk found that it is possible to fix known vulnerabilities simply by updating their base image tag.

Most vulnerabilities come from libraries you don’t explicitly use. In most ecosystems, 75 percent or more of your dependencies are indirect, implicitly pulled in by the libraries you do use, and Snyk found that 78 percent of all vulnerabilities it tracks are in indirect dependencies.
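As an added illustration (not code from the article or from Snyk), the following Python script shows how the direct/indirect split is determined for a single project: it walks a constructed dependency graph, attributes each advisory to a direct or an indirect package, and records which direct dependency pulls the vulnerable package in, which is what you need to know to fix it. The package names and advisory ids are constructed placeholders, not real packages or CVEs.

```python
from collections import deque

# Constructed dependency graph (package -> packages it requires) and a constructed
# advisory feed; names and advisory ids are made up, not real packages or CVEs.
DIRECT_DEPS = ["web-framework", "http-client"]
DEP_GRAPH = {
    "web-framework": ["template-engine", "cookie-parser"],
    "http-client": ["url-parser", "compress-lib"],
    "template-engine": ["escape-lib"],
    "compress-lib": ["zlib-bindings"],
}
VULNS = {
    "http-client": ["ADV-0001"],
    "escape-lib": ["ADV-0002", "ADV-0003"],
    "zlib-bindings": ["ADV-0004"],
    "url-parser": ["ADV-0005"],
}

def resolve_paths(direct_deps, graph):
    """Breadth-first walk from the direct deps; record the shortest chain pulling each package in."""
    paths = {}
    queue = deque((d, [d]) for d in direct_deps)
    while queue:
        pkg, path = queue.popleft()
        if pkg in paths:
            continue  # already reached by a chain at least as short
        paths[pkg] = path
        for child in graph.get(pkg, []):
            queue.append((child, path + [child]))
    return paths

def classify_vulns(direct_deps, graph, vulns):
    """Per vulnerable package in the tree: direct or indirect, advisories, and which direct dep to bump."""
    paths = resolve_paths(direct_deps, graph)
    report = []
    for pkg, advisories in vulns.items():
        if pkg not in paths:
            continue  # advisory does not apply to this project's tree
        path = paths[pkg]
        report.append({"package": pkg, "advisories": list(advisories),
                       "kind": "direct" if len(path) == 1 else "indirect",
                       "via": path[0], "path": " -> ".join(path)})
    return report

def indirect_share(report):
    """Fraction of applicable advisories that sit in indirect dependencies."""
    total = sum(len(r["advisories"]) for r in report)
    hidden = sum(len(r["advisories"]) for r in report if r["kind"] == "indirect")
    return hidden / total if total else 0.0
```

On the constructed data, four of the five advisories sit in indirect packages, and the report names the direct dependency (`web-framework` or `http-client`) whose upgrade would pull in a fixed version.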

As containers continue to spread across the IT landscape in 2019, container security threats keep appearing, and organizations are placing more importance than ever on ensuring image security.

You can find the full report on The State of Open-Source Security for 2019 at https://snyk.io/opensourcesecurity-2019/.

Published at DZone with permission of Liran Tal. See the original article here.
