Skip to Main Content

88 Percent of Java Apps Susceptible to Attack

Veracode's  2017 State of Software Security Report, an annual review of application security testing data, revealed that 88 percent of Java applications contain at least one vulnerable component.

In reality, the issue could actually be much worse than many imagine. And it's reason for concern (some would argue panic) for the design and development community.

Why? Fewer than 28 percent of companies actually conduct regular composition analysis today in order to understand which components are built into their applications according to Veracode. 

Among the other industry trends/issues such as vulnerability fix rates and percent of applications with vulnerabilities addressed in the report, Veracode's study also exposes the pervasive risk from vulnerable open source components. 

For example, the report showed that approximately 53.3 percent of Java applications rely on a vulnerable version of the Commons Collections components. Even today, there are just as many applications using the vulnerable version as there were in 2016 according to Veracode.

The use of components in application development is, of course, common practice as it allows developers to reuse functional code -- speeding up the delivery of software, but are the risks worth the rewards? Studies show that up to 75 percent of a typical application's code is made up of open source components.

"The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications -- making many of them breachable with a single exploit," said Chris Wysopal, CTO, CA Veracode.
Today's Top Picks for Our Readers:
Recommended by Recommended by NetLine

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up


Leave a comment
    Load more comments
    New code