A new report from Sonatype and Aspect Security finds that developers are continuing to download out-of-date versions of open source libraries, even when repaired versions exist. In fact, they report that developers downloaded vulnerable versions of 31 of the most popular open-source libraries and web frameworks a grand total of 46 million times. These insecure pieces of code are going into 80 percent of “typical software applications.” In addition, the report authors claim that the world’s 500 biggest companies downloaded more than 2.8 million bug-containing open source files in one year.
“While the numbers from this report are staggering, the takeaway is clear — open-source software is critical to forward-thinking development organizations, but there must be education and control to accompany its usage,” said Aspect Security’s Jeff Williams.
