There's a minefield of security problems bubbling under the surface of modern software, Veracode has claimed in its latest report, thanks to developers pulling third-party open-source libraries into their code bases – then never bothering to update them again.
"The vast majority of today's applications use open source code. The security of a library can change quickly, so keeping a current inventory of what's in your application is crucial," Chris Eng, Veracode's chief research officer, said. "We found that once developers pick a library, they rarely update it.
"With vendors facing increasing scrutiny around the security of their supply chain, there is simply no way to justify a 'set it and forget it' mentality. It's vital that developers keep those components up-to-date and respond quickly to new vulnerabilities as they’re discovered."