The Unfortunate Reality of Insecure Libraries

Posted by Jeff Williams

More than half of the Global 500 use software built using components with vulnerable code. 80% of the code in today’s applications comes from libraries and frameworks. The risk of vulnerabilities in these components is widely ignored and underappreciated. Our researchers analyzed over 113 million downloads by more than 60,000 commercial, government and non-profit organizations. We studied the 31 most popular Java frameworks and security libraries downloaded from the Central (“Central”) Repository and discovered that 26% of these have known vulnerabilities. Every organization should be concerned about the security of the components that they use and trust to run their business.

View Presentation

View Research Paper