Despite this dynamism, a large amount of library selection is “set it and forget it,” with developers finding the functionality they need and never revisiting the choice. A library with no known flaws two years ago may leave an application exposed today.
So how do we face the challenge of this changing landscape? The results in this report suggest that when developers are given the information they need, they can act quickly to resolve issues. It helps that most fixes are no more taxing than a minor version update of the library, a change unlikely to break the inner workings of even the most complex application.
This research draws on Veracode Software Composition Analysis to catalogue the use of third-party software. Download to learn more.