Research from Veracode suggests that 70 percent of apps have security flaws due to their use of open-source libraries.
The application security firm set out to determine the risk one flawed library can pose to software. For its State of Software Security (SOSS): Open Source Edition report, Veracode analysed 351,000 libraries across the Veracode platform database of 85,000 applications.
On an initial scan, 70 percent of applications were found to have a security flaw resulting from the use of an open-source library.
Chris Eng, Chief Research Officer at Veracode, said:
“Open source software has a surprising variety of flaws. An application’s attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies.
In reality, developers are introducing much more code, but if they are aware and apply fixes appropriately, they can reduce risk exposure.”
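The point in the quote above, that an application pulls in far more code than the libraries it declares, is easy to make concrete by walking a lockfile. The script below is an added example, not code from the article or from Veracode: it reads an npm-style lockfile (the `packages` map of a `package-lock.json` v2/v3 is assumed as the format), counts direct versus transitive dependencies, and, for a given package, lists the chains of direct dependencies that pull it in. That last step is what a defender needs when a flaw is reported in a library nobody added on purpose. The lockfile content and all package names and versions are constructed for the example.

```python
"""Direct vs. transitive dependencies from an npm-style lockfile (added example)."""
import json

# Constructed sample resembling the "packages" map of an npm lockfile (v2/v3).
# Keys are install paths; "" is the root project. Names and versions are made up.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"web-framework": "^4.0.0", "logger": "^2.1.0"}},
        "node_modules/web-framework": {
            "version": "4.2.0",
            "dependencies": {"http-parser": "^1.3.0", "template-engine": "^3.0.0"},
        },
        "node_modules/logger": {"version": "2.1.5", "dependencies": {"ansi-colors": "^1.0.0"}},
        "node_modules/http-parser": {"version": "1.3.1"},
        "node_modules/template-engine": {"version": "3.1.0", "dependencies": {"ansi-colors": "^1.0.0"}},
        "node_modules/ansi-colors": {"version": "1.0.3"},
    },
})


def load_graph(lockfile_text):
    """Return (direct_deps, graph); graph maps a package name to the names it depends on.

    Simplification: nested installs ("node_modules/a/node_modules/b") are keyed by the
    last path segment, so two versions of the same name are merged into one node.
    """
    packages = json.loads(lockfile_text)["packages"]
    direct = set(packages[""].get("dependencies", {}))
    graph = {}
    for path, meta in packages.items():
        if path == "":
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        graph.setdefault(name, set()).update(meta.get("dependencies", {}))
    return direct, graph


def transitive_closure(direct, graph):
    """Breadth-first walk from the direct dependencies; returns every reachable package."""
    seen = set()
    queue = list(direct)
    while queue:
        name = queue.pop(0)
        if name in seen:
            continue
        seen.add(name)
        queue.extend(graph.get(name, ()))
    return seen


def dependency_report(lockfile_text):
    """Summarise how much code the declared dependencies actually bring in."""
    direct, graph = load_graph(lockfile_text)
    everything = transitive_closure(direct, graph)
    return {
        "direct": sorted(direct),
        "transitive_only": sorted(everything - direct),
        "total": len(everything),
    }


def why_present(lockfile_text, target):
    """List each chain 'direct -> ... -> target' explaining why target is installed.

    Useful for triage: the fix for a flawed transitive library is usually an upgrade
    of the direct dependency at the head of one of these chains.
    """
    direct, graph = load_graph(lockfile_text)
    paths = []

    def walk(name, trail):
        if name == target:
            paths.append(" -> ".join(trail))
            return
        for child in sorted(graph.get(name, ())):
            if child not in trail:  # guard against cycles in malformed lockfiles
                walk(child, trail + [child])

    for dep in sorted(direct):
        walk(dep, [dep])
    return paths


if __name__ == "__main__":
    print(json.dumps(dependency_report(SAMPLE_LOCKFILE), indent=2))
    for chain in why_present(SAMPLE_LOCKFILE, "ansi-colors"):
        print(chain)
```

On the constructed sample, two declared dependencies expand to five installed packages, and `ansi-colors` turns out to be reachable through both of them, so patching only one chain would leave the other in place. Run against a real lockfile, the same walk gives the inventory needed to judge whether a published flaw in a library is actually present in the build.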