According to a new report from Veracode, which is owned by CA Technologies, 88 percent of Java apps include at least one open source component with a known security vulnerability. In addition, 53.3 percent of Java apps use a version of the Commons Collections components that has a security bug.
“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications — making many of them breachable with a single exploit,” said Chris Wysopal, CTO of Veracode.
The company recommends that enterprise application development teams keep an up-to-date list of which Java components their apps rely on.
