88% increase in application library vulnerabilities over two years

Blog post from Snyk

Post Details
Company
Date Published
Author: Liran Tal
Word Count: 1,041
Language: English
Hacker News Points: 11
Summary

The Snyk State of Open Source Security report 2019 highlights a significant increase in application library vulnerabilities over two years, nearly doubling from 43% to 88%. This rise is attributed to the growing number of new packages being indexed in ecosystems such as Maven Central and npm. The report also reveals that 81% of developers believe security should be owned by developers, but that they are not well equipped to handle it. Open source maintainers want to be secure, but 70% lack the necessary skills. The top ten most popular Docker images each contain at least 30 vulnerabilities, and ReDoS vulnerabilities in npm have spiked by 143%. Furthermore, 78% of vulnerabilities are found in indirect dependencies, which makes remediation complex.