Two Thirds of Enterprise Java Applications Contain Mostly Third Party Code Yet Considered Secure

By October 8, 2014 September 25th, 2020 News

Despite Vulnerabilities Associated with Third Party Libraries; Nearly 80 Percent of Developers Surveyed at JavaOne Conference think their Applications are Safe

NEW YORK, Oct. 8, 2014 – Waratek, the Java application protection and management company, today announced the results of a survey conducted at the JavaOne 2014 Conference last week. Nearly two-thirds of senior IT professionals polled said their Java applications contain 50 percent or more third party code. Meanwhile, nearly 80 percent believe their applications are somewhat (46%) or very secure (33%). These findings are surprising given the recent disclosure of two massive vulnerabilities in widely used third-party libraries — the “Shellshock” and “Heartbleed” bugs.

“It’s a well-known fact that custom developed Java applications are largely constructed with third party software libraries that provide no assurances of security or timely vulnerability mitigation,” said Brian Maccaba, CEO of Waratek. “What we found surprising was the high degree of confidence that software developers have in the security of Java applications that use open source components, especially given the widespread threats posed by the recent ‘Shellshock’ and ‘Heartbleed’ software flaws.”

Waratek surveyed more than 100 senior IT executives and Java professionals at the JavaOne 2014 Conference last week about their enterprise and application security concerns. According to those polled:

  • Java applications are very secure (33%), somewhat secure (46%) and not very secure (13%)
  • Third Party/Open Source code makes up more than two-thirds of applications (27%), more than half (30%), more than a quarter (16%) and less than a quarter (19%)
  • The most important considerations in moving Java applications to the public cloud are: security (71%), Stability/Uptime (54%) and Portability/Migration (28%)
  • Nearly half (46%) said the ability to run Java applications in a secure container would accelerate their plans to move to the public cloud

The JavaOne conference brings together Java experts and enthusiasts for an extraordinary week of learning and networking focused entirely on all things Java. With more than 550 sessions covering topics that span the breadth of the Java universe, keynotes from foremost Java visionaries, tutorials, and expert-led hands-on learning opportunities, JavaOne is the world’s most important event for the Java community.

About Waratek

Waratek makes Java enterprise applications more secure and easier to manage. The Waratek Application Security for Java platform provides transparent, run-time application self-protection against business logic and network layer threats. The Waratek CloudVM enables organizations to deploy multiple Java apps on a single server within Cloud or datacenter environments to dramatically reduce operating costs. Waratek is a SWIFT Innotribe Top Global Innovator, Gartner Cool Vendor in Application and Integration Platforms, and FinTech Innovation Lab winner. The company is headquartered in Dublin, Ireland with offices in London, New York, Sydney, Tokyo, Shanghai, Taipei and Seoul. For further information please visit

Editorial Contact:
Marc Gendron
Marc Gendron PR


Author News

More posts by News

Leave a Reply