Report: 88% of Java Apps Include Vulnerable Open Source Code

by Developer.com Staff

Enterprises often rely on Java components with known security flaws.

According to a new report from Veracode, which is owned by CA Technologies, 88 percent of Java apps include at least one open source component with a known security vulnerability. In addition, 53.3 percent of Java apps use a version of the Commons Collections components that has a security bug.

“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications — making many of them breachable with a single exploit,” said Chris Wysopal, CTO of Veracode.

The company recommends that enterprise application development teams keep an up-to-date list of which Java components their apps rely on.

View article

This article was originally published on Thursday Oct 19th 2017
Mobile Site | Full Site