[Note: This item comes from friend David Rosenthal. DLH]
Your dependencies are not dependable
By Thomas Claburn
Mar 14 2017
These libraries handle common development tasks such as manipulating HTML page elements, providing application structure, and building user interfaces.
The researchers looked at 75,000 of the top Alexa-ranked websites and at 75,000 randomly chosen .com websites. They found at least 36.7 per cent of jQuery, 40.1 per cent of Angular, 86.6 per cent of Handlebars, and 87.3 per cent of YUI (the discontinued Yahoo! User Interface Library) implementations employ a vulnerable version.
“Alarmingly, many sites continue to rely on libraries like YUI and SWFObject that are no longer maintained,” the paper says. “In fact, the median website in our dataset is using a library version 1,177 days older than the newest release, which explains why so many vulnerable libraries tend to linger on the web.”
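The two findings above (the share of sites running a vulnerable library version, and the median lag behind the newest release) come down to an inventory problem: knowing which third-party library versions a page actually loads and how far behind they are. The script below is an added example and is not code from The Register or from the paper it reports on. It extracts library names and versions from a page's script URLs, compares each against a release history, and computes the per-site lag in days and the median across sites. The release table (`RELEASES`), the sample script lists (`SAMPLE_SITES`) and every host name and date in them are constructed for illustration, not real release data.

```javascript
// Added example: inventory third-party JS libraries from <script src> URLs,
// flag versions behind the newest release, and compute the lag in days.
// All release versions/dates and sample URLs below are constructed values.

// Constructed release history per library, oldest to newest. A real audit
// would load this from each project's own release feed.
const RELEASES = {
  jquery: [
    { version: "1.8.3",  released: "2013-01-01" },
    { version: "1.12.4", released: "2016-01-01" },
    { version: "3.2.1",  released: "2017-01-01" },
  ],
  angular: [
    { version: "1.2.0", released: "2014-01-01" },
    { version: "1.6.3", released: "2017-01-01" },
  ],
  handlebars: [
    { version: "1.3.0", released: "2014-01-01" },
    { version: "4.0.6", released: "2017-01-01" },
  ],
  yui: [
    { version: "3.5.1",  released: "2012-01-01" },
    { version: "3.18.1", released: "2014-01-01" },
  ],
};

// Constructed sample input: the script URLs three hypothetical sites load.
const SAMPLE_SITES = [
  ["https://cdn.example.test/jquery-1.8.3.min.js",
   "https://cdn.example.test/ajax/libs/angularjs/1.2.0/angular.min.js"],
  ["https://cdn.example.test/jquery-3.2.1.min.js", "/static/app.js"],
  ["https://cdn.example.test/yui/3.5.1/build/yui/yui-min.js",
   "https://cdn.example.test/npm/handlebars@1.3.0/dist/handlebars.min.js"],
];

// Matches "<name>[js]<sep>[v]<version>" as found in common CDN and local paths,
// e.g. jquery-1.8.3.min.js, angularjs/1.2.0/, handlebars@1.3.0, yui/3.5.1/.
const LIB_RE = /\b(jquery|angular|handlebars|yui)(?:js)?[\/.@-]v?(\d+(?:\.\d+){1,3})/i;

// Numeric dotted-version comparison; missing components count as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Whole days from ISO date a to ISO date b (date-only ISO strings parse as UTC).
function daysBetween(a, b) {
  return Math.round((Date.parse(b) - Date.parse(a)) / 86400000);
}

// Pull (library, version) pairs out of script URLs; URLs without a
// recognisable version string are skipped (a known limitation: a file
// named plain handlebars.min.js needs content fingerprinting instead).
function detectLibraries(scriptSrcs) {
  const hits = [];
  for (const src of scriptSrcs) {
    const m = src.match(LIB_RE);
    if (m) hits.push({ library: m[1].toLowerCase(), version: m[2], src });
  }
  return hits;
}

// For each detected library: is it behind the newest release, and by how
// many days (null when the version is not in the release history)?
function auditPage(scriptSrcs, releases = RELEASES) {
  return detectLibraries(scriptSrcs).map((hit) => {
    const history = releases[hit.library];
    const newest = history[history.length - 1];
    const used = history.find((r) => r.version === hit.version);
    return {
      ...hit,
      newest: newest.version,
      outdated: compareVersions(hit.version, newest.version) < 0,
      daysBehind: used ? daysBetween(used.released, newest.released) : null,
    };
  });
}

// A site's lag is its worst library; median across sites mirrors the
// "median website" statistic quoted in the article.
function siteLag(audit) {
  const lags = audit.map((a) => a.daysBehind).filter((d) => d !== null);
  return lags.length ? Math.max(...lags) : null;
}

function median(nums) {
  const s = [...nums].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

function medianSiteLag(sites, releases = RELEASES) {
  const lags = sites.map((s) => siteLag(auditPage(s, releases))).filter((l) => l !== null);
  return median(lags);
}

for (const site of SAMPLE_SITES) console.log(auditPage(site));
console.log("median site lag (days):", medianSiteLag(SAMPLE_SITES));
```

The URL regex is deliberately a heuristic: it only sees versions that appear in the path, so a vendored `jquery.min.js` with no version suffix is missed entirely and must be identified by hashing the file contents against known builds. Treat "not detected" as "unknown", not as "safe", when reading the output.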