www.design-reuse-embedded.com

Synopsys Study Highlights Challenges with Managing Open Source Risk in Software Supply Chains

Analysis of more than 2,400 commercial and proprietary codebases finds decreases in open source license and vulnerability risks, but 88% of organizations still behind in keeping open source updated.

Apr. 14, 2022

Synopsys Inc.'s 2022 Open Source Security and Risk Analysis (OSSRA) report highlights trends in open source usage within commercial and proprietary applications and provides insights to help developers better understand the interconnected software ecosystem. It also details the pervasive risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues. Produced by the Synopsys Cybersecurity Research Center (CyRC), the report examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, performed by the Black Duck Audit Services team.

The 2022 OSSRA report findings underscore the fact that open source is used everywhere, in every industry, and is the foundation of every application built today.

Outdated open source remains the norm, including the presence of vulnerable Log4j versions. From an operational risk/maintenance perspective, 85% of the 2,097 codebases contained open source that was more than four years out-of-date. 88% utilized components that were not the latest available version. 5% contained a vulnerable version of Log4j.
