If you haven’t heard by now, Contrast has a brand spanking new report available, and lots of folks are talking about it. The report is entitled State of Application Security: Libraries & Software Composition Analysis, and it highlights analytics gathered from within 1,857 applications, which together included several thousand different open source libraries, frameworks, and modules. This latest Contrast Labs report provides an interesting take on vulnerability stats and analysis, delving into third-party libraries and how they affect your overall software security risk profile. Of course, we want you to download and read the real McCoy yourself. But before you do, check out the commentary from a few key industry publications. I'm sure you will find it interesting!
Custom Source Code Accounts for 93% of App Vulnerabilities
Third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software, according to a survey released this week by Contrast Security. The State of Application Security: Libraries & Software Composition Analysis Report also finds that while custom code only accounts for 21% of the software in an app, its overall share of vulnerabilities in an app is a whopping 93%. READ MORE >>
Software Libraries Account for Just 7% of App Vulns
According to Contrast Labs at Contrast Security, applications contain both custom code – the code developed by an organization – and third-party libraries, which are often open-source. The research found that custom code represents an average of 21% of an application’s code, and libraries occupy the remaining majority of the overall application. The average application contains 26.7 custom code vulnerabilities, as compared to just two common vulnerabilities and exposures (CVEs) in library code. As such, custom code accounts for 93% of an application’s overall vulnerabilities. READ MORE >>
Help Net Security, 7/25, by Mirko Zorz
Custom Code Accounts for 93% of Application Vulnerabilities
Although third-party software libraries represent a majority of an application’s code, they account for less than seven percent of application vulnerabilities. Typically, applications contain both custom code – the code developed by an organization – and third-party libraries. Contrast Labs analyzed 1,857 software applications, which included several thousand different open source libraries, frameworks, and modules, and found that custom code represents an average of 21 percent of an application’s code, and libraries occupy the remaining majority (79 percent) of the overall application. READ MORE >>