Based on Veracode’s annual State of Software Security report, 70 % of mobile and desktop apps contain open-source bugs. The analysis examined more than 350 000 external libraries used in 81 000 applications and found that open-source libraries are commonly used.
These libraries may contain bugs, and by re-using the code, developers spread those bugs further.
According to Veracode: “It would be nearly impossible to innovate with software without these libraries. However, lack of awareness about where and how open source libraries are being used and their risk factors is a problematic practice.”
Based on the report, the main library ecosystems covered are Swift, .NET, Go and PHP. Swift libraries have the highest level of flaws; .NET libraries have the lowest percentage of bugs. Go and PHP fall in between.
Veracode also found that the most common vulnerability category is cross-site scripting (XSS), present in 30 % of the analysed libraries. Insecure deserialization is next at 23.5 %, followed by access control flaws at 20.3 %.