Custom Source Code Accounts for 93% of App Vulnerabilities

A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.

Dark Reading Staff, Dark Reading

July 25, 2017

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software, according to a survey released this week by Contrast Security.

The State of Application Security: Libraries & Software Composition Analysis Report also finds that while custom code only accounts for 21% of the software in an app, its overall share of vulnerabilities in an app is a whopping 93%.

“You shouldn’t ignore vulnerabilities in your libraries – they can be quite serious. But your custom code is far more likely to have serious vulnerabilities, and so you should spend the vast majority of your security time and effort on your own source code,” says Jeff Williams, CTO and co-founder of Contrast Security.

The survey also finds that 42% of unused libraries account for an app's library code, and that Java apps tend to utilize 107 libraries, compared to the 19 used by .NET apps.

Read more about the survey here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights