Buggy open source components still dog dev teams

Buggy open source components still dog dev teams
21-Apr-2017 01:13 INFOWORLD

Software bugs are inevitable, but some issues are more about not vetting third-party libraries than actual coding mistakes. Many of the security vulnerabilities found in commercial software are the result of using vulnerable versions of open source libraries and frameworks, and the problem isn't getting any better.Modern software development relies on cobbling together custom code with multiple open source components, but organizations underestimate just how many libraries and frameworks they actually use, Black Duck Software said in its latest Open Source Security and Risk Analysis.[ 18 surprising tips for security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ] Of the more than a thousand commercial applications audited by the company in 2016, 96 percent contained at least one open source component. A little more than a third of the application's codebase is made up of open source code, with an average application using 147 unique components, according to the analysis.To read this article in full or to leave a comment, please click here