Third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software, according to a survey released this week by Contrast Security.
The State of Application Security: Libraries & Software Composition Analysis Report also finds that while custom code only accounts for 21% of the software in an app, its overall share of vulnerabilities in an app is a whopping 93%.
“You shouldn’t ignore vulnerabilities in your libraries – they can be quite serious. But your custom code is far more likely to have serious vulnerabilities, and so you should spend the vast majority of your security time and effort on your own source code,” says Jeff Williams, CTO and co-founder of Contrast Security.
The survey also finds that 42% of unused libraries account for an app's library code, and that Java apps tend to utilize 107 libraries, compared to the 19 used by .NET apps.
Read more about the survey here.