Most Apps Contain Vulnerable Open Source Libraries, Says State of Software Security Report

Software applications can contain hundreds or thousands of open source libraries. Unfortunately, according to Veracode’s recently published State of Software Security report, “70 percent of applications have a security flaw in an open source library on initial scan.” 

The report, which highlights the interconnected dependencies among open source libraries and how those dependencies can reduce application security, found that 47 percent of the flawed libraries are pulled in indirectly, as transitive dependencies of other libraries (as opposed to 42 percent that are pulled in directly); thus, developers may be introducing more vulnerabilities than they realize.
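To make the direct-versus-indirect distinction concrete, here is an added example (not from the report or from Veracode) that walks a constructed, lockfile-style dependency graph from an application root and, for each flawed library reported by a scanner, records whether it is a direct dependency or was pulled in transitively, along with the import chain and the direct dependency through which it arrived. All package names, versions and findings are made up for illustration.

```python
from collections import deque

# Constructed sample dependency graph in the shape of a lockfile:
# each package maps to the packages it requires. Names are made up.
DEPENDENCY_GRAPH = {
    "app": ["web-framework", "json-utils"],
    "web-framework": ["template-engine", "http-client"],
    "http-client": ["url-parser"],
    "template-engine": ["url-parser"],
    "json-utils": [],
    "url-parser": [],
}

# Constructed findings, as an SCA scanner might report them:
# flawed package -> first version that carries the fix.
FLAWED_LIBRARIES = {"url-parser": "2.3.1", "json-utils": "1.0.4"}


def classify_flawed(graph, root, flawed):
    """Return {package: {"kind", "path", "via", "fixed_in"}} for each flawed
    library reachable from root. Breadth-first search records the shortest
    import chain to every package; a flawed library one hop from the root is
    a direct dependency, anything deeper was pulled in transitively, and
    "via" names the direct dependency that owns that chain (the one whose
    update or override would bring the fix in)."""
    parent = {root: None}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in parent:  # first sighting is the shortest path
                parent[dep] = pkg
                queue.append(dep)
    result = {}
    for lib, fixed_in in flawed.items():
        if lib not in parent:
            continue  # reported as flawed but not actually in this app's graph
        path, node = [], lib
        while node is not None:
            path.append(node)
            node = parent[node]
        path.reverse()  # root ... lib
        result[lib] = {
            "kind": "direct" if len(path) == 2 else "indirect",
            "path": path,
            "via": path[1],
            "fixed_in": fixed_in,
        }
    return result
```

For the constructed data, `json-utils` is classified as direct, while `url-parser` is indirect with `via` set to `web-framework`, the dependency a developer would actually bump.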

However, the report also notes that addressing these security flaws is generally not difficult: appropriate patching or a minor version update is usually all that is required.
