Meaghan McBee from Veracode shares a few results from their State of Software Security: Open Source Edition report. I noted this stat: “79 percent of the time developers never update third-party libraries once they’re in a codebase.”
I like this take from Rey Bango on this particular statistic:
“Yep, seems about right, but not because developers don’t want to do the right thing. They’re just spread thin due to ongoing resource demands.”
Some developers are lazy, but in my experience, it’s more often the case that they are overworked. 😫