Ninety-six percent of open source Java downloads with known cybersecurity vulnerabilities could have been avoided because a better version was available but was not used, according to a new report.
The eighth annual State of the Software Supply Chain Report from Sonatype found a massive surge in open source supply, demand and malicious attacks, as well as legacy open source downloads that lead to vulnerability exploitation.