79% of Third-Party Libraries in Apps Are Never Updated
According to a recent analysis conducted by Veracode, 79% of third-party libraries are never updated after being included in a codebase, even though most libraries can be easily updated without disrupting application functionality. For the analysis, the company examined the results of 13 million scans of 86,000 customer repositories containing more than 301,000 software libraries. Veracode also surveyed roughly 2,000 developers to understand the use of third-party software.
Since third-party libraries are constantly changing, Veracode’s findings are concerning news for developers. Veracode also found that when third-party libraries are updated, the vulnerabilities that are detected are fixed within one hour and one week. Therefore, updating the libraries is critical to app security. Libraries go without updates largely because of a lack of contextual information about how an outdated software library might impact the application, says Veracode.