The use of open source software has become increasingly prevalent in the tech industry, with many companies relying on these programs for their day-to-day operations. Open source software is at an all-time high with projects like WordPress, which now powers over 43% of the internet. However, with the widespread adoption of open source comes new security and compliance risks. The 2023 “Open Source Security and Risk Analysis” (OSSRA) report, based on data provided by the Synopsys Cybersecurity Research Center (CyRC), provides an in-depth look at the current state of open source security and risks in commercial software.
The report highlights the continued growth of open source software usage, with open source components comprising an average of 70% of commercial codebases. This growth presents new challenges for companies as they navigate the complexities of open source licensing, compliance, and security.
84% of open-source codebases contain at least one vulnerability
https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html
One key finding of the report is that many companies are not adequately addressing open source security risks. In fact, over 75% of the analyzed codebases contained at least one vulnerability, with an average of 77 vulnerabilities per codebase. These vulnerabilities can range from minor issues to critical security flaws that could be exploited by cybercriminals.
Additionally, the report highlights the importance of proper open source license compliance. Failure to comply with open source license requirements can result in legal and financial consequences for companies. However, the report found that only 32% of the analyzed codebases had proper open source license documentation.
Overall, the OSSRA report serves as a reminder of the importance of properly managing open source risks in commercial software. Companies must prioritize open source security and compliance to protect themselves and their customers from potential vulnerabilities and legal issues.