Open Source Code Libraries Seen as Rife With Vulnerabilities

“A study of how 31 popular open-source code libraries were
downloaded over the past 12 months found that more than a third of
the 1,261 versions of these libraries had a known vulnerability and
about a quarter of the downloads were tainted.

“The study was undertaken by Aspect Security, which evaluates
software for vulnerabilities, with Sonatype, a firm that provides a
Central Repository housing more than 300,000 libraries for
downloading open-source components and gets 4 billion requests per

“‘Increasingly over the past few years, applications are being
constructed out of libraries,’ says Jeff Williams, CEO of Aspect
Security, referring to ‘The Unfortunate Reality of Insecure
Libraries’ study. Open-source communities have done little to
provide a clear way to spotlight code found to have vulnerabilities
or identify how to remedy it when a fix is even made available, he

Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis