Transitive Dependencies Account for 95% of Bugs

Nearly all (95%) open source vulnerabilities are found in transitive or indirect dependencies, according to a new report from Endor Labs that highlights the challenges of remediation in these environments. To better understand the security impact of dependencies in open source environments, Endor Labs analyzed the Census II report, described as containing a list of the most popular open source components used in apps today.

Read full article on Infosecurity

 

