As further developments showed

Post by rakhirhif8963 »

A similar story surfaced in 2014 with the American credit bureau Equifax. The company became the victim of a data leak affecting 145.5 million Americans, who “shared” with the attackers their social security numbers, dates of birth, home addresses, and driver’s license data. Equifax identified the open source project Apache Struts, whose server software the company used, as the culprit of the leak. In response to the accusations, the Apache Struts Project Management Committee stated that Equifax’s servers were hacked either because it failed to close a vulnerability on its servers, although a patch for it existed, or because hackers penetrated the victim’s network through an unspecified vulnerability (a so-called zero-day vulnerability).

This was precisely the first of the Apache Struts versions put forward: the vulnerability (CVE-2017-5638) that affected Equifax customers was identified two months earlier by the US CERT team, and a patch was released for it at about the same time, but Equifax network administrators never bothered to install it.

It should be noted that blaming open source software for the number of vulnerabilities would be reckless, since part of the responsibility lies with organizations that are unwilling to install security patches within a reasonable time frame, especially in the case of critical bugs. It is possible that there are users who are unaware of which open source components interact with their systems and what update mechanism they use. The Equifax incident highlighted the importance of keeping systems up to date, but there are other open source bugs that companies for some reason fail to fix.