Almost two-thirds of senior IT professionals say that their enterprise Java applications contain 50 percent or more third-party code.
These are findings from application security company Waratek, based on a survey of attendees at last week’s JavaOne conference. However, despite recent high-profile vulnerabilities in third-party code, like Shellshock and Heartbleed, nearly 80 percent of respondents still believe their Java apps are secure.
“It’s a well-known fact that custom developed Java applications are largely constructed with third-party software libraries that provide no assurances of security or timely vulnerability mitigation,” says Brian Maccaba, CEO of Waratek. “What we found surprising was the high degree of confidence that software developers have in the security of Java applications that use open source components, especially given the widespread threats posed by the recent ‘Shellshock’ and ‘Heartbleed’ software flaws.”