Contrast Security brings you this analysis of 113 million downloads from the Central Repository (“Central”) by more than 60,000 commercial, government, and non-profit organizations. Be aware of the potential hazards you inherit when utilizing open source libraries. Protect your organization – and your job – with this critical knowledge.

This analysis reveals interesting findings and insights, including:

  • 29.8 million (26%) of library downloads have known vulnerabilities
  • Security libraries are slightly more likely to have a known vulnerability than frameworks
  • Java apps are likely to include at least one vulnerable library
  • The most downloaded vulnerable libraries were GWT, Xerces, Spring MVC, and Struts 1.x

Note: This paper is not a critique of open source libraries, and we caution against interpreting this analysis as such. To learn more about what was discovered in the study, submit the form to the right.