Boffins in Finland have scanned the open-source software libraries in the Python Package Index, better known as PyPI, for security issues and found that nearly half contain potentially vulnerable code.
In a research paper distributed via ArXiv, Jukka Ruohonen, Kalle Hjerppe, and Kalle Rindell from the University of Turku describe how they ran some 197,000 Python packages available through PyPI through Bandit, an AST-based static analysis tool that flags known-risky Python constructs, and found more than 749,000 instances of potentially insecure code.
"Even under the constraints imposed by static analysis, the results indicate [the] prevalence of security issues; at least one issue is present for about 46 per cent of the Python packages," the researchers said.
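To make concrete what a Bandit-style scan does, and why the researchers say "potentially" vulnerable, the following is an added illustration (not code from the paper or from Bandit itself): a minimal AST visitor that flags a handful of patterns analogous to Bandit's shell=True, eval/exec, pickle and assert checks (B602, B307, B301, B101), run over two constructed modules, one written carelessly and one hardened. The check names, the `Finding` type and both sample modules are this example's own.

```python
"""Minimal Bandit-style static checks over Python source using the ast module.

Illustration only: a real analyzer has many more rules, severity/confidence
levels, and handles import aliasing. This one shows the core technique and
its main limitation: a hit means a risky construct is present, not that the
input reaching it is attacker-controlled.
"""
import ast
from dataclasses import dataclass

SHELL_FUNCS = {
    "subprocess.call", "subprocess.run", "subprocess.Popen",
    "subprocess.check_call", "subprocess.check_output",
}
PICKLE_FUNCS = {"pickle.load", "pickle.loads"}


@dataclass
class Finding:
    line: int
    check: str      # hypothetical check name, not a Bandit test ID
    detail: str


def _qualname(node):
    """Resolve a call target to a dotted name, e.g. subprocess.check_output."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class InsecureConstructVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _qualname(node.func)
        if name in SHELL_FUNCS:
            # Flag only an explicit shell=True literal (analogous to Bandit B602).
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) \
                        and kw.value.value is True:
                    self.findings.append(Finding(
                        node.lineno, "subprocess-shell-true",
                        f"{name} invoked with shell=True"))
        elif name in PICKLE_FUNCS:
            # Deserialising untrusted pickle data executes arbitrary code (B301).
            self.findings.append(Finding(
                node.lineno, "pickle-load", f"{name} on possibly untrusted data"))
        elif name in {"eval", "exec"}:
            self.findings.append(Finding(
                node.lineno, "eval-exec", f"{name}() on a dynamic expression"))
        self.generic_visit(node)

    def visit_Assert(self, node):
        # Asserts are stripped under `python -O`, so they must not enforce
        # security decisions (B101).
        self.findings.append(Finding(
            node.lineno, "assert-used", "assert used for a runtime check"))
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Parse one module and return its findings in source order."""
    visitor = InsecureConstructVisitor()
    visitor.visit(ast.parse(source, filename))
    return visitor.findings


# Constructed sample modules (not real PyPI packages).
VULNERABLE_MODULE = '''
import pickle, subprocess

def run(cmd):
    return subprocess.check_output(cmd, shell=True)

def load_state(blob):
    return pickle.loads(blob)

def compute(expr):
    return eval(expr)

def check(user):
    assert user.is_admin, "not allowed"
'''

HARDENED_MODULE = '''
import json, subprocess

def run(path):
    return subprocess.check_output(["ls", "-l", path])   # argv list, no shell

def load_state(blob):
    return json.loads(blob)                              # data-only format

def check(user):
    if not user.is_admin:
        raise PermissionError("not allowed")             # survives -O
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_MODULE), ("hardened", HARDENED_MODULE)):
        print(f"== {label}: {len(scan_source(src))} finding(s)")
        for f in scan_source(src):
            print(f"  line {f.line}: {f.check}: {f.detail}")
```

Note that `run()` in the first module is only a command-injection bug if `cmd` can be influenced by an attacker; the scanner cannot know that, which is exactly why a count of flagged constructs across 197,000 packages is an upper bound on real vulnerabilities rather than a count of them.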