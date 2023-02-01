Wilmington, DE, Feb. 01, 2023 (GLOBE NEWSWIRE) — The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 open source projects and initiatives, today announces the release of the 2022 Apache Software Foundation Security Report .

The ASF Security Report explores the state of security across all ASF projects for a given calendar year. To prepare the report, the ASF Security Committee reviews key metrics (e.g. emails received, vulnerability reports, website reports and support questions), specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues in 2022. This includes how the committee oversees and coordinates the handling of vulnerabilities across more than 350 Apache projects and more than 400 emails with at least 11 new vulnerability reports every week.

Highlights from the 2022 ASF Security Report include:

Processed nearly 600 vulnerability reports across 122 projects and published 210 CVE entries;

Introduced a new workflow allowing vulnerabilities to be published instantly by the security team to cve.org ; and

; and Hired a dedicated ASF administrator to work on vulnerability issue handling alongside the volunteer security committee;

“Security is our highest priority at the Apache Software Foundation. It is imperative that the ASF has structures and processes in place that continue to make us a trustworthy partner for the projects, developers, and stewards we serve,” said Mark Cox, Vice President Security, The Apache Software Foundation. “Our work this past year represents tremendous effort and collaboration that has yielded improved processes; increased resources; and gained efficiencies. We very much look forward to continuing this mission critical work.”

ADDITIONAL RESOURCES

View the 2022 Security Report

The Apache Software Foundation Security Committee welcomes reports from anyone finding Apache project security issues to the private list security@apache.org ; comments on this report to the public list security-discuss@community.apache.org ; or read more about the process at https://apache.org/security/

