Custom Source Code Accounts for 93% of App Vulnerabilities
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
July 25, 2017
Third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software, according to a survey released this week by Contrast Security.
The State of Application Security: Libraries & Software Composition Analysis Report also finds that while custom code only accounts for 21% of the software in an app, its overall share of vulnerabilities in an app is a whopping 93%.
“You shouldn’t ignore vulnerabilities in your libraries – they can be quite serious. But your custom code is far more likely to have serious vulnerabilities, and so you should spend the vast majority of your security time and effort on your own source code,” says Jeff Williams, CTO and co-founder of Contrast Security.
The survey also finds that 42% of unused libraries account for an app's library code, and that Java apps tend to utilize 107 libraries, compared to the 19 used by .NET apps.
Read more about the survey here.