Open Source Security and Risk Analysis (OSSRA) Report

Synopsys Cybersecurity Research Center

SUMMARY

This research reveals that open source accounted for 60% of the code analyzed in 2018, up from 57% in 2017. The report also notes that in 13 of the 17 industries examined, more than 50% of the average codebase consisted of open source.

This open source security research gives a detailed look at the current state of open source security, license compliance, and code quality risk in commercial software. Among its findings, the report says that 99% of the codebases with more than 1,000 files contained open source components.

Several components were used across many different codebases, the paper explains. jQuery, which is released under the MIT License, was found in more than half of the scanned codebases and in every sector the study covers. Unpatched software vulnerabilities are among the main cyber threats companies have to deal with, the document adds, and unpatched open source components in an application are a direct contributor to that risk: the issue is not that open source is used, but that known vulnerabilities in the components remain unfixed.

The paper also showed that more than half of the codebases audited in 2018 contained at least one vulnerability, still a high figure but a clear improvement over the 78% found in 2017.

The study also includes recommendations aimed at helping organizations better understand open source security and license risk as they improve their application risk management processes. Correct management of open source software is not only a security matter but also a license management one. Unless companies know the rights and obligations attached to a given open source component, they cannot tell whether they are meeting those obligations. Noncompliant firms could actually lose rights to their own proprietary code, the paper notes.

Report download requires free registration on publisher’s website.

OUTLINE

About this report

2019 Open Source Security and Risk Analysis report

Open source composition of scanned codebases 

Open source security: The risk issue is unpatched software, not open source use 

Another record year for disclosed vulnerabilities 

License risk in open source components 

Types of open source licenses 

Open source components with no or custom licenses

Open source license risk across verticals

Operational factors in open source use

Conclusion

Recommendations 

DETAILS

Overview

Researchfinder Rating
4 out of 5 stars
Title
Open Source Security and Risk Analysis (OSSRA) Report
Sub-Title
Synopsys Cybersecurity Research Center
Region
Global
Published
May 7, 2019
Publisher
Synopsys
Price
FREE
Language
ENGLISH

Content

Number of Pages
20
Number of Tables
9
Number of Exhibits
0
Topics
security
Tags
cyber security, global, open source security, SaaS, security, software, software security, Synopsys
Methodology
This report is based on findings from audits of more than 1,200 commercial codebases conducted in 2018.

EVALUATION

This in-depth open source security report offers a comprehensive look at the current state of open source security, license compliance, and code quality risk in commercial software.

Positives:

  • Good tables and graphics
  • Nice layout
  • Well-structured

Negatives:

  • Highly technical content, suitable mainly for industry experts

Similar Reports

Internet Trends 2019

FREE

2019 Global eCommerce Fraud Management Report

FREE

Good Practices for Security of Internet of Things

FREE