A huge problem of legacy apps

Last Update: 20.11.2018. By Jens in Newsletter

I know legacy apps cause many issues. Nobody really wants to work on one. The funny thing is, most of them already are legacy problems roughly half a year after the first release. At least in my experience. Anyways, one of the problems can become a nightmare after a few years.

Security.

Or better stated, the lack of security updates. Security vulnerabilities are almost everywhere, no matter the kind of library or framework or runtime. However, not all are equally bad. Yet, if your service is connected to the internet, it is worse and can become a nightmare.

The first “protection” against this is security through obscurity: only a few dozen people know the URL of the service, it’s not indexed on Google and whatever. Like in today’s app from the stone age :-)

I knew it’s old, and as I was looking something up, I wondered what version of Struts it was running. If it still was Struts 1 or at least 2. Turned out it runs on Struts 2.0.9, which was released mid-July 2007. Yeah, no updates of anything since then. So essentially, it collected all security vulnerabilities of roughly 11 years...

The real problem behind that is that nobody ever thought the app would live that long. Nor did anybody ever plan budget and time for keeping the tech stack up to date. Maybe they don’t care or don’t understand the issues or whatever. There’s a plethora of possible reasons. Anyways, if you can, allocate time to update dependencies so known issues are fixed.

For fixes in Spring, check out this site (with feed).
