One-Fifth of Open-Source Serverless Apps Have Critical Vulnerabilities

More than 20% of open-source serverless applications contain critical security vulnerabilities, according to an audit by PureSec. An evaluation of 1,000 open-source serverless projects revealed that 21% of them contained one or more critical vulnerabilities or misconfigurations, which could allow attackers to manipulate the application and perform various malicious actions. About 6% of the projects even had application secrets, such as application programming interface (API) keys or credentials, posted in their publicly accessible code repositories. According to the audit, most vulnerabilities and weaknesses were caused by poor development practices, lack of serverless security education and the copying and pasting of insecure sample code into real-world projects.
