Veracode: 79% of devs don’t update third-party libraries in their code


The Veracode State of Software Security (SoSS) v11: Open Source Edition found that 79% of the time, third-party libraries are never updated by developers after being included in a codebase. This edition of SoSS focuses on open source applications and components, and is based on the analysis of 13 million scans of more than 86,000 repositories containing more than 301,000 unique libraries. The analysis also includes survey results on the use of third-party software from nearly 2,000 developers.

Most developers set and forget open source libraries in their code

Above: The Veracode SoSS v11: Open Source Edition found that 79% of developers never update third-party libraries after they are included in a codebase. Most of the issues can be addressed as minor fixes.

Image Credit: Veracode

The libraries are not updated even though more than two-thirds of the available fixes are minor and non-disruptive to the application's overall functionality. Specifically, 92% of open source library flaws can be fixed with an update, and 69% of those updates are only a minor version change or smaller. Open source libraries constantly evolve, so a library that appears secure today may not be tomorrow, which creates a significant security risk for software vendors and users.
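The distinction the report draws between patch, minor and major updates is the same one a team uses to triage fixes in practice: a flaw whose fix only needs a patch or minor bump can usually be taken immediately, while a major bump needs a compatibility review. The script below is an added example, not part of Veracode's report or its tooling. It assumes a pip-style lockfile (`name==version` pins) and a hand-made advisory table mapping each library to the earliest release that contains the fix; the library names, pins and fixed versions are constructed for illustration and do not describe real packages or real advisories.

```python
"""Triage pinned third-party libraries by the semantic-version bump a fix requires.

Added example (not Veracode's code). Lockfile and advisory data are constructed.
"""
import re

# Matches "MAJOR.MINOR.PATCH" with an optional pre-release/build suffix (ignored here).
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?$")
# Matches a pip-style exact pin such as "acme-http==2.25.1" (ignores comments/markers).
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")

# Constructed sample lockfile; names and versions are fictional.
LOCKFILE = """\
# pinned by a lock tool (constructed sample)
acme-http==2.25.1
tiny-yaml==5.3.1
tmpl-engine==3.0.0
fast-digest==0.9.2
unrelated-lib==1.0.0
"""

# Constructed advisory table: library -> earliest release that contains the fix.
ADVISORIES = {
    "acme-http": "2.25.1",    # pinned version already contains the fix
    "tiny-yaml": "6.0.0",     # fix only available in a new major line
    "tmpl-engine": "3.1.0",   # minor bump
    "fast-digest": "0.9.3",   # patch bump
}


def parse_semver(version):
    """Return (major, minor, patch) as ints; raise on anything that is not semver."""
    m = SEMVER.match(version.strip())
    if not m:
        raise ValueError("not a semantic version: %r" % version)
    return tuple(int(x) for x in m.groups())


def bump_kind(installed, fixed):
    """Classify the jump from the installed version to the fixed one.

    Returns 'none' when the installed version is already at or past the fix,
    otherwise 'patch', 'minor' or 'major' depending on the first component that changes.
    """
    cur, new = parse_semver(installed), parse_semver(fixed)
    if new <= cur:
        return "none"
    if new[0] != cur[0]:
        return "major"
    if new[1] != cur[1]:
        return "minor"
    return "patch"


def parse_pins(lockfile):
    """Extract {library: pinned_version} from pip-style '==' pins."""
    pins = {}
    for line in lockfile.splitlines():
        m = PIN.match(line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins


def triage(lockfile, advisories):
    """Map every pinned library that has an advisory to the bump class its fix needs."""
    pins = parse_pins(lockfile)
    return {lib: bump_kind(ver, advisories[lib])
            for lib, ver in pins.items() if lib in advisories}


def minor_or_smaller_share(kinds):
    """Fraction of outstanding fixes (bump != 'none') that are patch or minor bumps."""
    outstanding = [k for k in kinds.values() if k != "none"]
    if not outstanding:
        return 0.0
    return sum(k in ("patch", "minor") for k in outstanding) / len(outstanding)


if __name__ == "__main__":
    result = triage(LOCKFILE, ADVISORIES)
    for lib, kind in sorted(result.items()):
        print("%-12s %s" % (lib, kind))
    print("share of outstanding fixes that are minor or smaller: %.2f"
          % minor_or_smaller_share(result))
```

Pre-release and build suffixes are accepted by the regex but ignored when classifying the bump, so a pin such as `1.2.0-rc1` is treated as `1.2.0`; if your ecosystem relies on pre-release ordering (Python's PEP 440 or Node's semver ranges), use that ecosystem's own version parser instead of this regex.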

The good news is that developers typically respond quickly once they learn about vulnerable libraries in the codebase. Nearly 17% of vulnerable libraries are fixed within an hour of the developer discovering the vulnerability, and 25% are fixed within seven days, Veracode said.

The research focuses on the open source libraries in codebases today, how organizations manage the security of those libraries, year-over-year fluctuations in library popularity and vulnerability, and best practices for using open source code securely. It also finds that only 52% of developers surveyed have a formal process for selecting third-party libraries, while more than a quarter are either unsure, or even unaware, whether a formal process is in place. Additionally, developers rated "Security" only the third most important consideration when selecting a library, behind "Functionality" in first place and "Licensing" in second.


Since nearly all modern applications are built on third-party open source software, a single flaw or change in one library can cascade into every application that uses that code. Constant shifts in library popularity, vulnerability, and updates therefore have a direct impact on software security.

Read the full Veracode SoSS v11: Open Source Edition.
