A new report out from security testing firm Veracode suggests that reused and third party code is a big source of application insecurity. Cross site scripting attacks continued to be the most prevalent type of security vulnerability, accounting for 51% of all vulnerabilities uncovered. 40% of applications scanned were found to have cryptographic issues, a category of vulnerability that could include sensitive data that was unencrypted or inadquately encrypted, the report found. Between 30% and 70 of applications found to contain code from third party suppliers.
Source: https://threatpost.com/report-reused-third-party-code-major-sources-insecurity-092210/74492/