The Apache Software Foundation Releases 2022 Security Report

Wilmington, DE, Feb. 01, 2023 (GLOBE NEWSWIRE) — The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 open source projects and initiatives, today announces the release of the 2022 Apache Software Foundation Security Report.

The ASF Security Report explores the state of security across all ASF projects for a given calendar year. To prepare the report, the ASF Security Committee reviews key metrics (e.g. emails received, vulnerability reports, website reports and support questions), specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues in 2022. This includes how the committee oversees and coordinates the handling of vulnerabilities across more than 350 Apache projects and more than 400 emails with at least 11 new vulnerability reports every week.

Highlights from the 2022 ASF Security Report include:

  • Processed nearly 600 vulnerability reports across 122 projects and published 210 CVE entries;
  • Introduced a new workflow allowing vulnerabilities to be published instantly by the security team to; and
  • Hired a dedicated ASF administrator to work on vulnerability issue handling alongside the volunteer security committee.

“Security is our highest priority at the Apache Software Foundation. It is imperative that the ASF has structures and processes in place that continue to make us a trustworthy partner for the projects, developers, and stewards we serve,” said Mark Cox, Vice President Security, The Apache Software Foundation. “Our work this past year represents tremendous effort and collaboration that has yielded improved processes; increased resources; and gained efficiencies. We very much look forward to continuing this mission-critical work.”


  • View the 2022 Security Report

The Apache Software Foundation Security Committee welcomes reports from anyone finding Apache project security issues to the private list [email protected]; comments on this report to the public list [email protected]; or read more about the process at

Founded in 1999, the Apache Software Foundation exists to provide software for the public good with support from more than 70 sponsors. ASF’s open source software is used ubiquitously around the world with more than 8,400 committers contributing to 320+ active projects, including Apache Superset, Apache Camel, Apache Flink, Apache HTTP Server, Apache Kafka, and Apache Airflow. The Foundation’s open source projects and community practices are considered industry standards, including the widely adopted Apache License 2.0, the podling incubation process, and a consensus-driven decision model that enables projects to build strong communities and thrive.

ASF’s annual ApacheCon event is where open source technologists convene to share best practices and use cases, forge critical relationships, and learn about advancements in their field.

© The Apache Software Foundation. “Apache” and “ApacheCon” are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.
