
NEW REPORT: Just 7% of Application Vulnerabilities are Sourced from 3rd-Party Code Libraries

    

If you haven’t heard by now, Contrast has a brand spanking new report available… and lots of folks are talking about it. The report is entitled: State of Application Security: Libraries & Software Composition Analysis and highlights analytics gathered from within 1,857 applications, which included different open source libraries, frameworks, and modules. This latest Contrast Labs report provides an interesting take on vulnerability stats and analysis, delving into 3rd party libraries and how they impact your overall software security risk profile. Of course, we want you to download and read the real McCoy yourself. But before you do, check out commentary from a couple of key industry publications. I'm sure you will find them interesting!


Dark Reading
Custom Source Code Accounts for 93% of App Vulnerabilities
Third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software, according to a survey released this week by Contrast Security. The State of Application Security: Libraries & Software Composition Analysis Report also finds that while custom code only accounts for 21% of the software in an app, its overall share of vulnerabilities in an app is a whopping 93%.

Infosecurity

Software Libraries Account for Just 7% of App Vulns
According to Contrast Labs at Contrast Security, applications contain both custom code – the code developed by an organization – and third-party libraries, which are often open-source. The research found that custom code represents an average of 21% of an application’s code, and libraries occupy the remaining majority of the overall application. The average application contains 26.7 custom code vulnerabilities, as compared to just two common vulnerabilities and exposures (CVEs) in library code. As such, custom code accounts for 93% of an application’s overall vulnerabilities.

Help Net Security, 7/25, by Mirko Zorz
Custom Code Accounts for 93% of Application Vulnerabilities
Although third-party software libraries represent a majority of an application’s code, they account for less than seven percent of application vulnerabilities. Typically, applications contain both custom code – the code developed by an organization – and third-party libraries. Contrast Labs analyzed 1,857 software applications, which included several thousand different open source libraries, frameworks, and modules, and found that custom code represents an average of 21 percent of an application’s code, and libraries occupy the remaining majority (79 percent) of the overall application.


Christine Carrig, Director of Marketing


Christine’s wide breadth of marketing experience has been focused on driving revenue, building brand recognition, and creating demand-generation programs in technology organizations. For the past 11 years, her deep understanding of marketing principles, coupled with forward thinking, has been instrumental in transforming application security start-ups into successful, profitable companies.