Analysis of More Than 120,000 applications found that half of Third-Party Software Components in Use are Outdated. Analysis of 128,782 software applications identified 16,868 unique versions of open source and commercial software components containing almost 10,000 unique security vulnerabilities. Nearly 50 percent of these components identified through the analysis of these applications were more than four years old, and in almost every case a newer, more secure version of the software component is available. The Heartbleed bug still appears in the top 50% of all CVEs observed, even though a patch has been available since 2014.”]