New research from Veracode found that most applications use open-source libraries that also present vulnerabilities, but the distribution of such libraries depends on the programming languages used.
Open-source libraries are ubiquitous, but they are not limited to integration into open-source apps. In fact, most available apps contain open source libraries, even if they are from private companies and are sold as proprietary.
Not all libraries are used in equal proportions, but usage varies depending on the existing ecosystem. For example, the Veracode research shows that the JavaScript applications investigated have hundreds of dependencies, with some app reaching 1,000 different libraries. The researchers looked at 351,000 unique libraries across all major programming languages.
