Eye-opening statistics about open source security, license compliance, and code quality risk (Security News, May 2020)
99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys.
The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.
"It's difficult to dismiss the vital role that open source plays in modern software development and deployment, but it's easy to overlook how it impacts your application risk posture from a security and license compliance perspective," said Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center.
Outdated open source components carry more than an increased likelihood of security vulnerabilities: updating them can also introduce unwanted functionality or compatibility issues.
Sixty-eight percent of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1ZZRPpcdCSg/