Any attempt to provide a global view of the ecosystem's security health requires data. To help better understand how secure open source is and what we can all do to make it better, Snyk distributed and analyzed a survey that was completed by more than 500 open source maintainers and users. Snyk also examined its internal data, drawn from more than 40,000 projects, as well as information published by Red Hat Linux and data Snyk gathered by scanning millions of GitHub repositories and packages on registries. This report summarizes those findings.
The Open Web Application Security Project (OWASP) has published its list of the ten most critical web application security risks.
The OWASP Top 10 – 2017 is based primarily on 40+ data submissions from firms that specialize in application security and an industry survey that was completed by over 500 individuals. This data spans vulnerabilities gathered from hundreds of organizations and over 100,000 real-world applications and APIs. The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact.