BACKGROUND:
It has been reported that 79% of the time, third-party libraries are never updated by developers after being included in a codebase, despite the fact that more than two-thirds of fixes are minor and non-disruptive to the functionality of even the most complex software applications. The research, from Veracode, also found that 92% of open source library flaws can be fixed with an update, and that 69% of those updates are only a minor version change or smaller. Open source libraries constantly evolve, so what appears secure today may no longer be so tomorrow, potentially creating a significant security risk for software vendors and users.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.