Professionals believe their Java apps are secure despite relying on third-party code

Almost two-thirds of senior IT professionals say that their enterprise Java applications contain 50 percent or more third-party code.

These are findings from application security company Waratek based on a survey of attendees at last week's JavaOne conference. However, despite recent high profile vulnerabilities in third-party code, like Shellshock and Heartbleed, nearly 80 percent of respondents still believe their java apps are secure.

"It's a well-known fact that custom developed Java applications are largely constructed with third party software libraries that provide no assurances of security or timely vulnerability mitigation," says Brian Maccaba, CEO of Waratek. "What we found surprising was the high degree of confidence that software developers have in the security of Java applications that use open source components, especially given the widespread threats posed by the recent 'Shellshock' and 'Heartbleed' software flaws".

Further results from the survey show that of those polled 33 percent believe their Java applications are very secure, 46 percent somewhat secure and 13 percent not very secure. When asked about the proportion of third-party or open source code used in their applications, 27 percent say it makes up more than two-thirds of applications, 30 percent say it's more than half and 16 percent more than a quarter with only 19 percent saying less than that.

When asked about the most important considerations when moving Java applications to the public cloud, 71 percent cited security, 54 percent stability and up time, and 28 percent portability and migration. Almost half (46 percent) of respondents said the ability to run Java applications in a secure container would accelerate their plans to move to the public cloud.

You can find out more about Waratek's Application Security for Java platform on the company’s website.

Image Credit: isak55 / Shutterstock