SlideShare a Scribd company logo

The State of Open Source Vulnerabilities Management

S
SBWebinars

Open source security vulnerabilities are increasing, with a reported rise of over 50% in 2017, yet efficient management is hindered by a lack of standard practices and tools. Developers face challenges in addressing these vulnerabilities, spending an average of 15 hours a month, and prioritization based on usage analysis can lead to significant reductions in security alerts. A focus on effective vulnerabilities, rather than all reported ones, can enhance development efficiency and security.

Technology
Related topics:
Vulnerability Management
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
THE STATE OF OPEN SOURCE VULNERABILITIES MANAGEMENT Presented by: Rami Elron, Senior Director of Product Management at WhiteSource
Key Findings: 1 Reported open source security vulnerabilities are on the rise. 2 The absence of standard practices and developer- focused tools lead to inefficient handling of open source vulnerabilities. 3 Prioritization is crucial to ensure companies address the most critical vulnerabilities on time. 4 Prioritization based on usage analysis can reduce security alerts by 70% to 85%.
OPEN SOURCE SECURITY VULNERABILITIES ARE ON THE RISE 1
The number of disclosed open source vulnerabilities rose by over 50% in 2017 NUMBER OF REPORTED OPEN SOURCE VULNERABILITIES ROSE BY 51.2% IN 2017
FREQUENCY OF USE OF OPEN SOURCE COMPONENTS of developers rely on open source components 96.8%
of all open source projects are vulnerable, but when it comes to the most popular open source projects… 7.5%
But, it's not all bad. The rise in awareness also led to a sharp rise in suggested fixes… of all reported vulnerabilities have at least one suggested fix in the open source community 97.4%
Information about vulnerabilities is scattered across hundreds of resources, usually poorly indexed and therefore unsearchable OF REPORTED OPEN SOURCE VULNERABILITIES APPEAR IN THE CVE DATABASE 86% OVER
DEVELOPERS ARE NOT EFFICIENTLY MANAGING OPEN SOURCE VULNERABILITIES 2
Developers rated security vulnerabilities as the #1 challenge when using open source components TOP CHALLENGES IN USING OPEN SOURCE COMPONENTS
Developers spend 15 hours each month dealing with open source vulnerabilities (e.g. reviewing, discussing, addressing, remediating, etc.) The cost is even higher, considering that the more experienced developers are the ones remediating HOURS SPENT ON OPEN SOURCE VULNERABILITIES PER DEVELOPERS' EXPERIENCE
WHAT DO YOU DO WHEN A VULNERABILITY IS FOUND? 1.0% 34.1% 13.3% 18.7% 33.0% Out of the monthly 15 hours only 3.8 hours are invested in remediation. The lack of set practices and tools can explain these inefficiencies.
PRIORITIZATION IS KEY TO OPEN SOURCE VULNERABILITY MANAGEMENT 3
Perfect security is impossible. Zero risk is impossible. We must bring prioritization of application vulnerabilities to DevSecOps. In a futile attempt to remove all possible vulnerabilities from applications, we are slowing developers down and wasting their time chasing issues that aren’t real. 10 Things to Get Right for Successful DevSecOps Neil MacDonald, Gartner
25.2% 11.6% 15.1% 17.3% Survey results show that developers prioritize remediation of vulnerabilities based on available information, not necessarily on the impact of a vulnerability on the security of an application. 14.7% 16.2%
Security teams analyze and prioritize vulnerabilities Sending emails or opening issues/tickets Closing the loop on resolution is hard The Common Way of Handling Security Vulnerabilities
Bridging the Gap is a Must Security DevOps Developers
WhiteSource Software Confidential ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Reported Vulnerabilities Can you really handle all of them? Which ones constitute a real risk? Which ones should be addressed first? Effective Vulnerabilities Less to deal with. Much less.vs. The Secret to Prioritization: Reported Vulnerabilities are not Necessarily EFFECTIVE Focusing on Effective Vulnerabilities Could Enable: Better development efficiency Better development effectiveness Better security
A new approach to prioritizing vulnerabilities - based their impact on an application’s security EFFECTIVE VULNERABILITY If the proprietary code is making calls to the vulnerable functionality INEFFECTIVE VULNERABILITY If the proprietary code is NOT making calls to the vulnerable functionality EFFECTIVE VS INEFFECTIVE VULNERABILITIES IN A COMPONENT
After testing 2,000 Java applications, WhiteSource found that 72% of all detected vulnerabilities were deemed ineffective. Based on the data collected in our survey, this can be translated to saving 10.5 hours per month per each developer (70% of 15 monthly hours).
EFFECTIVE USAGE ANALYSIS 4
Effective Usage Analysis is the technology of prioritizing open source vulnerabilities based on the way they are used by the application. Our beta testing on 25 commercial applications from 12 organizations showed that: analyzed projects were found to be vulnerable of the vulnerabilities (effective and ineffective) were found in transitive dependencies of all vulnerability alerts were found to be ineffective of all analyzed projects were found to contain only ineffective vulnerabilities ALL 90% 86% 64%
Q&A

More Related Content

PDF
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
FINOS
 
PDF
The State of Open Source Vulnerabilities Management
WhiteSource
 
PDF
Taking Open Source Security to the Next Level
SBWebinars
 
PPTX
The State of Open Source Vulnerabilities - A WhiteSource Webinar
WhiteSource
 
PDF
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
 
PDF
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
PPTX
Supply Chain Solutions for Modern Software Development
Sonatype
 
PDF
Information Security Incidents Survey in Russia
Positive Hack Days
 
OSSF 2018 - David habusha of Whitesource - Open Source Vulnerabilities 101
FINOS
 
The State of Open Source Vulnerabilities Management
WhiteSource
 
Taking Open Source Security to the Next Level
SBWebinars
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
WhiteSource
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
Supply Chain Solutions for Modern Software Development
Sonatype
 
Information Security Incidents Survey in Russia
Positive Hack Days
 

What's hot (20)

PDF
Webinar: Systems Failures Fuel Security-Focused Design Practices
Synopsys Software Integrity Group
 
PPTX
One login enemy at the gates
Eoin Keary
 
PPTX
Accelerating Innovation with Software Supply Chain Management
Sonatype
 
PDF
Why happier developers create more secure code
DJ Schleen
 
PDF
Increasing DevSecOps Maturity Level in 2021
Alexandre Rebert
 
PPTX
Four things that are almost guaranteed to reduce the reliability of a softwa...
Ann Marie Neufelder
 
PDF
Risks in the Software Supply Chain
Mark Sherman
 
PDF
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Sonatype
 
PDF
5 things about os sharon webinar final
DevOps.com
 
PPTX
Need Of security in DevOps
Manasi Mali
 
PDF
Applying Software Quality Models to Software Security
CAST
 
PDF
Deep Dive into Container Security
WhiteSource
 
PDF
Security & DevOps - What We Have Here Is a Failure to Communicate!
DevOps.com
 
PDF
Sonatype's 2013 OSS Software Survey
Sonatype
 
PPTX
Live 2014 Survey Results: Open Source Development and Application Security Su...
Sonatype
 
PDF
Stu r35 a
SelectedPresentations
 
PDF
Inauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Martin Pinzger
 
PPTX
Continuous Acceleration with a Software Supply Chain Approach
Sonatype
 
PPTX
Strengthening cyber resilience with Software Supply Chain Visibility
Sonatype
 
PDF
Veracode Corporate Overview - Print
Andrew Kanikuru
 
Webinar: Systems Failures Fuel Security-Focused Design Practices
Synopsys Software Integrity Group
 
One login enemy at the gates
Eoin Keary
 
Accelerating Innovation with Software Supply Chain Management
Sonatype
 
Why happier developers create more secure code
DJ Schleen
 
Increasing DevSecOps Maturity Level in 2021
Alexandre Rebert
 
Four things that are almost guaranteed to reduce the reliability of a softwa...
Ann Marie Neufelder
 
Risks in the Software Supply Chain
Mark Sherman
 
Infographic: Heartbleed - Everything Was Secure Until, Suddenly, It Wasn't
Sonatype
 
5 things about os sharon webinar final
DevOps.com
 
Need Of security in DevOps
Manasi Mali
 
Applying Software Quality Models to Software Security
CAST
 
Deep Dive into Container Security
WhiteSource
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
DevOps.com
 
Sonatype's 2013 OSS Software Survey
Sonatype
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Sonatype
 
Stu r35 a
SelectedPresentations
 
Inauguration lecture Martin Pinzger, University of Klagenfurt, Austria
Martin Pinzger
 
Continuous Acceleration with a Software Supply Chain Approach
Sonatype
 
Strengthening cyber resilience with Software Supply Chain Visibility
Sonatype
 
Veracode Corporate Overview - Print
Andrew Kanikuru
 
Ad

Similar to The State of Open Source Vulnerabilities Management (20)

PDF
Taking Open Source Security to the Next Level
WhiteSource
 
PPTX
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
PDF
PDF The complete guide to developer first application security By Github.Co...
eivimayuyu
 
PPTX
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
PPTX
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller
 
PPTX
Intelligence on the Intractable Problem of Software Security
Tyler Shields
 
PPTX
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
AnnaBtki
 
PDF
Aliens in Your Apps!
All Things Open
 
PDF
We are excited to announce that our new State of Software Security (SOSS) rep...
Ampliz
 
PDF
The State of Software Security 2022 SOSS - Solution
NeelKamalSingh8
 
PPTX
Software Security Assurance for DevOps
Black Duck by Synopsys
 
PPTX
Software Security Assurance for Devops
Jerika Phelps
 
PPTX
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
WhiteSource
 
PDF
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
Sonatype
 
PDF
Case Closed with IBM Application Security on Cloud infographic
IBM Security
 
PPTX
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
WhiteSource
 
PPTX
Why Patch Management is Still the Best First Line of Defense
Lumension
 
PPTX
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Sonatype
 
PPTX
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
PPTX
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
matthewabq
 
Taking Open Source Security to the Next Level
WhiteSource
 
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
 
PDF The complete guide to developer first application security By Github.Co...
eivimayuyu
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller
 
Intelligence on the Intractable Problem of Software Security
Tyler Shields
 
How do YOU compare to others in Mobile DevOps Performance, Productivity, and ...
AnnaBtki
 
Aliens in Your Apps!
All Things Open
 
We are excited to announce that our new State of Software Security (SOSS) rep...
Ampliz
 
The State of Software Security 2022 SOSS - Solution
NeelKamalSingh8
 
Software Security Assurance for DevOps
Black Duck by Synopsys
 
Software Security Assurance for Devops
Jerika Phelps
 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
WhiteSource
 
White Paper: 7 Security Gaps in the Neglected 90% of your Applications
Sonatype
 
Case Closed with IBM Application Security on Cloud infographic
IBM Security
 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
WhiteSource
 
Why Patch Management is Still the Best First Line of Defense
Lumension
 
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Sonatype
 
Shifting the conversation from active interception to proactive neutralization
Rogue Wave Software
 
The Illusion of Control: Seven Deadly Wastes in Your Devops Practice
matthewabq
 
Ad

More from SBWebinars (20)

PDF
Securing Mobile Apps, From the Inside Out
SBWebinars
 
PPTX
SAP Concur’s Cloud Journey
SBWebinars
 
PDF
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
PPTX
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
 
PDF
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
SBWebinars
 
PPTX
The Next Generation of Application Security
SBWebinars
 
PDF
You're Bleeding. Exposing the Attack Surface in your Supply Chain
SBWebinars
 
PDF
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
SBWebinars
 
PDF
Top 10 Threats to Cloud Security
SBWebinars
 
PDF
Deploying Secure Modern Apps in Evolving Infrastructures
SBWebinars
 
PDF
Reduce the Burden Of Managing SAP With Enterprise Identity Management
SBWebinars
 
PDF
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
PDF
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
SBWebinars
 
PDF
Reducing Risk of Credential Compromise at Netflix
SBWebinars
 
PDF
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 
PDF
Flow Metrics: What They Are & Why You Need Them
SBWebinars
 
PDF
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
SBWebinars
 
PDF
Building Blocks of Secure Development: How to Make Open Source Work for You
SBWebinars
 
PDF
Take a Bite Out of the Remediation Backlog
SBWebinars
 
PDF
The Trick to Passing Your Next Compliance Audit
SBWebinars
 
Securing Mobile Apps, From the Inside Out
SBWebinars
 
SAP Concur’s Cloud Journey
SBWebinars
 
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
 
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
SBWebinars
 
The Next Generation of Application Security
SBWebinars
 
You're Bleeding. Exposing the Attack Surface in your Supply Chain
SBWebinars
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
SBWebinars
 
Top 10 Threats to Cloud Security
SBWebinars
 
Deploying Secure Modern Apps in Evolving Infrastructures
SBWebinars
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
SBWebinars
 
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
SBWebinars
 
Reducing Risk of Credential Compromise at Netflix
SBWebinars
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 
Flow Metrics: What They Are & Why You Need Them
SBWebinars
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
SBWebinars
 
Building Blocks of Secure Development: How to Make Open Source Work for You
SBWebinars
 
Take a Bite Out of the Remediation Backlog
SBWebinars
 
The Trick to Passing Your Next Compliance Audit
SBWebinars
 

Recently uploaded (20)

PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
KodekX | Application Modernization Development
KodekX
 
Approach and Philosophy of On baking technology
30anthuong17
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 

The State of Open Source Vulnerabilities Management

  • 1. THE STATE OF OPEN SOURCE VULNERABILITIES MANAGEMENT Presented by: Rami Elron, Senior Director of Product Management at WhiteSource
  • 2. Key Findings: 1 Reported open source security vulnerabilities are on the rise. 2 The absence of standard practices and developer- focused tools lead to inefficient handling of open source vulnerabilities. 3 Prioritization is crucial to ensure companies address the most critical vulnerabilities on time. 4 Prioritization based on usage analysis can reduce security alerts by 70% to 85%.
  • 4. The number of disclosed open source vulnerabilities rose by over 50% in 2017 NUMBER OF REPORTED OPEN SOURCE VULNERABILITIES ROSE BY 51.2% IN 2017
  • 5. FREQUENCY OF USE OF OPEN SOURCE COMPONENTS of developers rely on open source components 96.8%
  • 6. of all open source projects are vulnerable, but when it comes to the most popular open source projects… 7.5%
  • 7. But, it's not all bad. The rise in awareness also led to a sharp rise in suggested fixes… of all reported vulnerabilities have at least one suggested fix in the open source community 97.4%
  • 8. Information about vulnerabilities is scattered across hundreds of resources, usually poorly indexed and therefore unsearchable OF REPORTED OPEN SOURCE VULNERABILITIES APPEAR IN THE CVE DATABASE 86% OVER
  • 9. DEVELOPERS ARE NOT EFFICIENTLY MANAGING OPEN SOURCE VULNERABILITIES 2
  • 10. Developers rated security vulnerabilities as the #1 challenge when using open source components TOP CHALLENGES IN USING OPEN SOURCE COMPONENTS
  • 11. Developers spend 15 hours each month dealing with open source vulnerabilities (e.g. reviewing, discussing, addressing, remediating, etc.) The cost is even higher, considering that the more experienced developers are the ones remediating HOURS SPENT ON OPEN SOURCE VULNERABILITIES PER DEVELOPERS' EXPERIENCE
  • 12. WHAT DO YOU DO WHEN A VULNERABILITY IS FOUND? 1.0% 34.1% 13.3% 18.7% 33.0% Out of the monthly 15 hours only 3.8 hours are invested in remediation. The lack of set practices and tools can explain these inefficiencies.
  • 13. PRIORITIZATION IS KEY TO OPEN SOURCE VULNERABILITY MANAGEMENT 3
  • 14. Perfect security is impossible. Zero risk is impossible. We must bring prioritization of application vulnerabilities to DevSecOps. In a futile attempt to remove all possible vulnerabilities from applications, we are slowing developers down and wasting their time chasing issues that aren’t real. 10 Things to Get Right for Successful DevSecOps Neil MacDonald, Gartner
  • 15. 25.2% 11.6% 15.1% 17.3% Survey results show that developers prioritize remediation of vulnerabilities based on available information, not necessarily on the impact of a vulnerability on the security of an application. 14.7% 16.2%
  • 16. Security teams analyze and prioritize vulnerabilities Sending emails or opening issues/tickets Closing the loop on resolution is hard The Common Way of Handling Security Vulnerabilities
  • 17. Bridging the Gap is a Must Security DevOps Developers
  • 18. WhiteSource Software Confidential ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Reported Vulnerabilities Can you really handle all of them? Which ones constitute a real risk? Which ones should be addressed first? Effective Vulnerabilities Less to deal with. Much less.vs. The Secret to Prioritization: Reported Vulnerabilities are not Necessarily EFFECTIVE Focusing on Effective Vulnerabilities Could Enable: Better development efficiency Better development effectiveness Better security
  • 19. A new approach to prioritizing vulnerabilities - based their impact on an application’s security EFFECTIVE VULNERABILITY If the proprietary code is making calls to the vulnerable functionality INEFFECTIVE VULNERABILITY If the proprietary code is NOT making calls to the vulnerable functionality EFFECTIVE VS INEFFECTIVE VULNERABILITIES IN A COMPONENT
  • 20. After testing 2,000 Java applications, WhiteSource found that 72% of all detected vulnerabilities were deemed ineffective. Based on the data collected in our survey, this can be translated to saving 10.5 hours per month per each developer (70% of 15 monthly hours).
  • 22. Effective Usage Analysis is the technology of prioritizing open source vulnerabilities based on the way they are used by the application. Our beta testing on 25 commercial applications from 12 organizations showed that: analyzed projects were found to be vulnerable of the vulnerabilities (effective and ineffective) were found in transitive dependencies of all vulnerability alerts were found to be ineffective of all analyzed projects were found to contain only ineffective vulnerabilities ALL 90% 86% 64%
  • 23. Q&A