Open Source Flaws Found in 84% of Codebases

More than four in five (84%) codebases contain at least one known open source vulnerability.

The figures come from the new Synopsys Open Source Security and Risk Analysis (OSSRA) report, which cites an increase of almost 4% compared with last year.

The report also found a 163% increase in open source adoption in the education technology sector, followed by aerospace, aviation, automotive, transportation and logistics (97%), and manufacturing and robotics (74%).

“The key to managing open source risk at modern development speeds is maintaining complete visibility into your application content,” said McGuire of the Synopsys Software Integrity Group.

“By embedding this visibility into the application lifecycle, businesses have the information they need to make informed, timely decisions about risk resolution.”

High-risk vulnerabilities have increased significantly over the past five years, since 2019, especially in the retail and e-commerce sector, where they rose 557%.

Additionally, Synopsys found that 31% of the audited codebases use open source components with no identifiable license or with a customized license, a 55% increase from last year.

Finally, 91% of the audited codebases contained outdated versions of open source components.

“Organizations using third-party software of any kind should, of course, assume that it includes open source,” explains McGuire.

“Validating this and staying on top of the associated risks is as easy as getting an SBOM [software bill of materials], easily provided by vendors who take the necessary steps to secure their software supply chain.”
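As an added illustration of the SBOM-based check McGuire describes (example code written for this page, not Synopsys or Sonatype tooling), the Python script below reads a small CycloneDX-style SBOM and flags the two conditions the report counts: components with no identifiable license and components that are behind their latest known release. The SBOM, the package names and the LATEST_KNOWN version table are all constructed for the example; a real tool would query a package registry or advisory feed instead of a hard-coded table.

```python
"""Triage a CycloneDX-style SBOM for two of the risk signals the OSSRA
figures describe: components with no identifiable license and components
on outdated versions.  The SBOM and the 'latest known' table below are
constructed for this example (assumption, not real product data)."""
import json
from typing import Dict, List, Tuple

# Constructed sample SBOM in CycloneDX JSON layout (bomFormat, components,
# licenses, purl are real CycloneDX field names; the contents are made up).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "example-utils", "version": "0.9.1",
         "purl": "pkg:npm/example-utils@0.9.1",
         "licenses": []},                      # no license declared at all
        {"type": "library", "name": "requests", "version": "2.25.1",
         "purl": "pkg:pypi/requests@2.25.1",
         "licenses": [{"license": {"name": "Custom internal terms"}}]},  # custom, no SPDX id
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21",
         "licenses": [{"expression": "MIT"}]},
    ],
})

# Constructed "latest known release" table (assumption); a real tool would
# look this up in the npm/PyPI registry or an advisory database.
LATEST_KNOWN: Dict[str, str] = {
    "pkg:npm/left-pad": "1.3.0",
    "pkg:npm/example-utils": "1.2.0",
    "pkg:pypi/requests": "2.31.0",
    "pkg:npm/lodash": "4.17.21",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so 2.9.0 < 2.10.0 compares correctly."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def license_ids(component: dict) -> List[str]:
    """Collect SPDX ids or expressions declared for a component. A license
    that carries only a free-text name (no SPDX id) is treated as unidentified."""
    ids = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            ids.append(entry["expression"])
        elif "id" in entry.get("license", {}):
            ids.append(entry["license"]["id"])
    return ids


def purl_base(purl: str) -> str:
    """Strip the @version suffix: pkg:npm/lodash@4.17.21 -> pkg:npm/lodash."""
    return purl.rsplit("@", 1)[0]


def find_unlicensed(sbom_json: str) -> List[str]:
    """Names of components with no SPDX-identifiable license."""
    sbom = json.loads(sbom_json)
    return [c["name"] for c in sbom.get("components", []) if not license_ids(c)]


def find_outdated(sbom_json: str, latest: Dict[str, str]) -> Dict[str, str]:
    """Map component name -> latest known version, for components behind it."""
    sbom = json.loads(sbom_json)
    outdated = {}
    for c in sbom.get("components", []):
        newest = latest.get(purl_base(c.get("purl", "")))
        if newest and parse_version(c["version"]) < parse_version(newest):
            outdated[c["name"]] = newest
    return outdated


if __name__ == "__main__":
    print("No identifiable license:", find_unlicensed(SAMPLE_SBOM))
    print("Outdated components:", find_outdated(SAMPLE_SBOM, LATEST_KNOWN))
```

Run against the constructed SBOM, the script reports `example-utils` and `requests` as having no identifiable license, and the same two as running behind the versions in the table. Treating a free-text license name as unidentified is a deliberate choice: it mirrors the report's "no identifiable license or customized license" category, where the obligation cannot be resolved automatically and needs a human review.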

The 2023 OSSRA report summarizes the results of more than 1,700 audits of commercial and proprietary codebases from merger and acquisition transactions, highlighting 17 industry-wide trends.

It also includes a number of recommendations for businesses to better manage the security risks of open source development and use.

The new data comes weeks after Sonatype researchers discovered more than 700 malicious open source packages on the npm and PyPI registries.
