According to this article at Softpedia,
The company that provides hosting services for the Maven Central Repository says that one in sixteen downloads is for a Java component that contains a known security flaw.
Sonatype claims that developers usually download 31 billion Java components per year, with over 1,000 new components and over 10,000 new component versions created daily.
Companies nowadays employ managed central component repositories for storing their code. While some store private projects, more rely on open-source code, which in some cases they download and import into their projects without proper security audits.
Sonatype estimates that between 80 and 90 percent of today's enterprise code is actually made up of open source components, imported from public repositories.
Because security vulnerabilities are public, and because Sonatype has access to the server statistics, it is, more than anyone else, in a position to warn developers about the dangers of using insecure or outdated components inside their code.