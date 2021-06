BURLINGTON, Mass., June 22, 2021 – Veracode, the largest global provider of application security testing (AST) solutions, today launched new research that finds nearly 80 percent of the time, third-party libraries are never updated by developers after being included in a codebase - despite the fact that more than two thirds of fixes are minor and non-disruptive to the functionality of even the most complex software applications. Open source libraries constantly evolve so what appears secure today may no longer be so tomorrow, potentially creating a significant security risk for software vendors and users. The Veracode State of Software Security (SoSS) v11: Open Source Edition analyzed 13 million scans of more than 86,000 repositories containing more than 301,000 unique libraries, and also surveyed nearly 2,000 developers to understand how they use third-party software.