Eye-opening statistics about open source security, license compliance, and code quality risk
2020-05-14 04:30

99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys.

The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.

"It's difficult to dismiss the vital role that open source plays in modern software development and deployment, but it's easy to overlook how it impacts your application risk posture from a security and license compliance perspective," said Tim Mackey, principal security strategist of the Synopsys Cybersecurity Research Center.

Beyond the increased likelihood that known security vulnerabilities are present, outdated open source components carry a further risk: updating them can introduce unwanted functionality or compatibility issues.

Sixty-eight percent of codebases contained some form of open source license conflict, and 33% contained open source components with no identifiable license.
News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/1ZZRPpcdCSg/