In the article by WorldNews, they state that 88 Percent of Java Apps Susceptible to Widespread Attacks from Known Security Defects, According to New Research from CA Veracode.
“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications — making many of them breachable with a single exploit,” said Chris Wysopal, CTO, CA Veracode.
The 2017 State of Software Security Report by Veracode shows that approximately 53.3 percent of Java applications rely on a vulnerable version of the Commons Collections components.
There are just as many applications using the vulnerable version in 2017 as there were in 2016. The use of components in application development is common practice as it allows developers to reuse functional code — speeding up the delivery of software.
Studies show that up to 75 percent of a typical application’s code is made up of open source components.
Veracode found that 23% of third-party software passes OWASP Top 10 policy vs. 35% of internally developed software.
In the info-graphic – “What’s New in the State of Software Security 2017 Report“, it summaries the findings. The report points out the following typical statistics for software that has NOT been previously security tested:
- 70% fail to pass OWASP Top 10 policy
- 77% have at least one vulnerability
- 12% have at least one high or very high severity vulnerability
Fortunately, Developers with the right training and tools write more secure code:
- Developers who use eLearning fix 19% more flaws
- Developers who get coaching from security experts fix 88% more flaws.