Buggy open source components still dog dev teams

You can write the best code in the world, but if you use vulnerable libraries and frameworks, you're introducing serious security problems to your application.

Software bugs are inevitable, but some issues are more about not vetting third-party libraries than actual coding mistakes. Many of the security vulnerabilities found in commercial software are the result of using at-risk versions of open source libraries and frameworks, and the problem isn't getting any better.

Modern software development relies on cobbling together custom code with multiple open source components, but organizations underestimate exactly how many libraries and frameworks they actually use, Black Duck Software said in its latest Open Source Security and Risk Analysis.

Copyright © 2017 IDG Communications, Inc.