81% of codebases contain known open source vulnerabilities
2022-04-19 02:00

From an operational risk/maintenance perspective, 85% of the 2,097 codebases contained open source that was more than four years out of date.

Assessed codebases show open source vulnerabilities are decreasing overall.

There was a more dramatic decrease in the number of codebases containing high-risk open source vulnerabilities.

81% of the assessed codebases contained at least one known open source vulnerability, a minimal decrease of 3% from the findings of the 2021 OSSRA. License conflicts are also decreasing overall.

20% of assessed codebases contained open source with no license or with a customized license.

"The fact remains that over half of the codebases we audited still contained license conflicts and nearly half still contained high-risk vulnerabilities. Even more troubling was that 88% of the codebases contained outdated versions of open source components with an available update or patch that was not applied."


News URL

https://www.helpnetsecurity.com/2022/04/19/open-source-usage-trends/