Open source security report finds library-induced flaws in 70% of applications (Security News, May 2020)

The State of Software Security: Open Source Edition analyzed the open source component libraries across the Veracode platform's database of 85,000 applications, which together include 351,000 unique external libraries.
The idea was to define the risk that a single flaw in one library can pose to all applications that leverage that code.
Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws.
The study found that 70% of applications have a security flaw in an open source library on an initial scan.
Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.