Java Malware

By Don Reisinger

Shared Code

Did you know that 80 percent of the code found in today's applications comes from libraries and frameworks?

Java Malware

Did you know that 26 percent of the 31 most popular Java frameworks and libraries contain malware?

Biggest dangers

Among the most vulnerable libraries, GWT, Xerces, Spring MVC, and Struts 1.x were most likely to be downloaded, according to Aspect Security.

18 Million Downloads

The sheer number of frameworks downloaded is stunning. Spring, one of the most popular libraries, was downloaded over 18 million times in 2011, according to the Aspect Security study.

Undiscovered Flaws

Perhaps most concerning, Aspect Security found that "the vast majority of library flaws remain undiscovered."

Flaws Per Line

On average, Aspect Security found five to 10 security vulnerabilities for every 10,000 lines of Java code. The typical library consists of 10,000 to 200,000 lines of code.

Widespread Use

The ramifications of all this are huge. According to Aspect Security, nearly 50 percent of all Global 500 companies are using some of the top 31 libraries. They're also heavily used across not-for-profit organizations.

Vulnerable Libraries

On the library front, 37 percent contain known vulnerabilities, according to Aspect Security.

45 million

All the malware being downloaded via libraries and frameworks might scare you. In 2006, the figure stood at just under 15 million. In 2011, that figure stood at 45 million.

The More Popular The Better

According to Aspect Security, the more popular library and framework offerings contained 28 percent of known vulnerabilities. Not-so-popular options contained 38 percent of known vulnerabilities.

This article was originally published on 05-07-2012