A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library.
According to Veracode’s annual State of Software Security report, these open-source libraries – free, centralized code repositories that provide ready-made application “building blocks” for developers – are not only ubiquitous but also risky.
The analysis examined 351,000 external libraries in 85,000 applications and found that open-source libraries are extremely, extremely common. For instance, most JavaScript applications contain hundreds of open-source libraries – some have more than 1,000 different libraries. In addition, most languages feature the same set of core libraries.
Source: threatpost.com