Browse DevX
Sign up for e-mail newsletters from DevX


Report: Average Application Has 24 Vulnerabilities Due to Flawed Components

Developers aren't very good about fixing application bugs inherited from open source code.


Software supply chain management vendor Sonatype has conducted a review of 1,500 applications that were built using open source components and found that on average, each application inherited 24 severe or critical security vulnerabilities from those components. Making matters worse, when those bugs were fixed in the open source code, developers updated their applications with the fixes only 41 percent of the time with a mean time-to-repair of 390 days.

Sonatype manages one of the largest public repositories of open source Java components. It says that 100,000 organizations used the Central Repository last year and that it served 17.2 billion download requests for 217,000 different components.

View article

Thanks for your registration, follow us on our social networks to keep up-to-date