2021 State of Open-Source Security Report
2021 State of Open-Source Security Report
Open-source libraries help software developers meet aggressive deadlines. As a result, these libraries and their classes continue to proliferate and grow in complexityâincreasing the risk they pose while making it more difficult to secure modern applications. The 2021 State of Open-source Security Report uses telemetry from actual applications protected by Contrast OSS and Contrast Assess to reveal key trends about library usage, vulnerabilities, and best practices. Key findings include:
While the average application contains 118 libraries, only 38% of libraries are active.
The average library uses a version that is 2.5 years oldâwhich increases the risk of unaddressed vulnerabilities.
Contrast Security Study Exposes Significant Time and Resource Drain in Software Supply Chain Security
2021 State of Open-source Security Report From Contrast Labs Reveals That Less Than 10% of Application Code is Active Third-Party Library Code
News provided by
Share this article
Share this article
LOS ALTOS, Calif., April 8, 2021 /PRNewswire/ A new study by Contrast Security reveals that 62% of libraries found in applications are inactive that is, are not used at all by the software. Additionally, in libraries that
are active, 69% of library classes are not invoked by applications. Vulnerabilities in these unused portions of applications are reported as exploitable risk by legacy software composition analysis (SCA) tools. This exposes an organization to higher risk, operational inefficiency, and potential delays in software release cycles.