' The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic. "Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of

"An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said. The study found that 70% of applications have a security flaw in an open source library on an

Other findings from the report:
- The most commonly included libraries are present in over 75% of applications for each language.
- 47% of those flawed libraries in applications are transitive.
vulnerabilities without corresponding common vulnerabilities and
- Fixing most library-introduced flaws can be done with a minor version upgrade.
- Using any given PHP library has a greater than 50% chance of bringing a security flaw along with'
-- source: https://developers.slashdot.org/story/20/05/23/2330244
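The point Chris Eng makes about transitive dependencies is easiest to see by actually walking a dependency graph. The following is an added illustration, not code from the Veracode report, TechRepublic or the Slashdot story: it resolves a small constructed dependency graph from the application down, joins every reachable library against a constructed advisory list, tags each flawed library as direct or transitive, and classifies the fix as a patch, minor or major version bump. All package names, versions and advisories are made up; a real audit would feed in the lockfile and an advisory database instead.

```python
"""Transitive-dependency audit (added example; constructed data throughout)."""
from collections import deque
from dataclasses import dataclass

# Constructed dependency graph: package -> (resolved version, direct dependencies).
# "app" is the application; everything below it is an open source library.
# Simplification: one resolved version per package, as in a lockfile.
GRAPH = {
    "app":          ("1.0.0", ["web-fw", "http-client"]),
    "web-fw":       ("2.3.1", ["template-eng", "json-lib"]),
    "http-client":  ("4.0.2", ["json-lib", "tls-helper"]),
    "template-eng": ("1.8.0", []),
    "json-lib":     ("3.1.4", []),
    "tls-helper":   ("0.9.2", []),
}

# Constructed advisories: package -> first version that contains the fix.
ADVISORIES = {
    "web-fw":       "2.4.0",   # minor bump fixes it
    "template-eng": "1.8.2",   # patch bump fixes it
    "json-lib":     "3.2.0",   # minor bump fixes it
    "tls-helper":   "1.0.0",   # needs a major bump
    "http-client":  "4.0.2",   # already at the fixed version: no finding
}


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    fixed_in: str
    transitive: bool     # True when the app does not depend on it directly
    path: tuple          # how the app reaches the package
    upgrade_kind: str    # "patch", "minor" or "major"


def parse_version(v):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in v.split("."))


def upgrade_kind(current, fixed):
    """Classify the bump needed to move from current to fixed."""
    c, f = parse_version(current), parse_version(fixed)
    if f[0] != c[0]:
        return "major"
    if f[1] != c[1]:
        return "minor"
    return "patch"


def resolve(graph, root="app"):
    """Breadth-first walk from root; returns {package: shortest path from root}.

    A package that is both a direct and a transitive dependency gets its
    direct path, because BFS reaches it in one hop first.
    """
    paths = {root: (root,)}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph[node][1]:
            if dep not in paths:
                paths[dep] = paths[node] + (dep,)
                queue.append(dep)
    return paths


def audit(graph, advisories, root="app"):
    """Return one Finding per reachable library still below its fixed version."""
    findings = []
    for pkg, path in resolve(graph, root).items():
        if pkg == root or pkg not in advisories:
            continue
        version, fixed_in = graph[pkg][0], advisories[pkg]
        if parse_version(version) >= parse_version(fixed_in):
            continue
        findings.append(Finding(pkg, version, fixed_in,
                                transitive=len(path) > 2, path=path,
                                upgrade_kind=upgrade_kind(version, fixed_in)))
    return sorted(findings, key=lambda f: f.package)


def summarize(findings):
    """Counts in the same shape as the report's headline figures."""
    return {
        "flawed": len(findings),
        "transitive": sum(f.transitive for f in findings),
        "fixable_without_major_bump": sum(f.upgrade_kind != "major" for f in findings),
    }


if __name__ == "__main__":
    found = audit(GRAPH, ADVISORIES)
    for f in found:
        kind = "transitive" if f.transitive else "direct"
        print(f"{f.package} {f.version} -> {f.fixed_in} ({kind}, {f.upgrade_kind} bump) via {' > '.join(f.path)}")
    print(summarize(found))
```

On this constructed graph three of the four flawed libraries never appear in the application's own dependency list, which is exactly why scanning only declared dependencies understates the attack surface; the `path` field is what tells a developer which direct dependency to upgrade to pull the fix in.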
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174