Security Slideshow: Code Libraries and Application Frameworks: A CIO's Security Nightmare?

By Don Reisinger  |  Posted 05-07-2012

Shared Code

Did you know that 80 percent of the code found in today's applications comes from libraries and frameworks?

Java Malware

Twenty-six percent of the 31 most popular Java frameworks and libraries contain malware.

Biggest dangers

Among the most vulnerable libraries, GWT, Xerces, Spring MVC, and Struts 1.x were most likely to be downloaded, according to Aspect Security.

18 Million Downloads

The sheer number of frameworks downloaded is stunning. Spring, one of the most popular libraries, was downloaded over 18 million times in 2011, according to the Aspect Security study.

Undiscovered Flaws

Perhaps most concerning, Aspect Security found that "the vast majority of library flaws remain undiscovered."

Flaws Per Line

On average, Aspect Security found five to 10 security vulnerabilities for every 10,000 lines of Java code. The typical library consists of 10,000 to 200,000 lines of code.

Widespread Use

The ramifications of all this are huge. According to Aspect Security, nearly 50 percent of all Global 500 companies are using some of the top 31 libraries. They're also heavily used across not-for-profit organizations.

Vulnerable Libraries

On the library front, 37 percent contain known vulnerabilities, according to Aspect Security.

45 million

The volume of malware being downloaded via libraries and frameworks might scare you. In 2006, the figure stood at just under 15 million; by 2011, it had reached 45 million.

The More Popular The Better

According to Aspect Security, the more popular library and framework offerings contained 28 percent of known vulnerabilities. Not-so-popular options contained 38 percent of known vulnerabilities.
