The Rapidly Changing Open Source Library Landscape

In the open source library world, what’s hot and what’s not can change dramatically within the span of a year. In turn, what’s secure and what’s not changes equally fast. Having visibility into both what’s used in your codebase and what’s vulnerable is critical to reducing risk.

Published in Veracode's 2021 State of Software Security: Open Source Edition, the chart below highlights the most popular and vulnerable third-party libraries over a two-year period. It's clear that what's secure today might not be tomorrow. If we look at Go as an example, some of its most vulnerable libraries in 2019 became less vulnerable in 2020, and some became more vulnerable.
