The State of Software Security (SOSS): Open Source Edition research found that seven in 10 apps use at least one unpatched open source library. The research analyzed open source libraries across the Veracode platform, which includes 351,000 unique external libraries.
Chris Eng, chief research officer at Veracode, said these results should push developers to prioritize patching and framework-specific security. Eng stressed that dependencies between libraries expose open source software to a range of attacks that go beyond the code a team writes itself. Exposure also varied by framework: in JavaScript, Ruby, PHP, and Java most of the vulnerable libraries arrive through transitive inclusions, while .NET, Swift, and Go rely more on direct dependencies.
Source: opensource.com