"Ninety-One Percent of Commercial Applications Contain Outdated or Abandoned Open Source Components"
Synopsys' 2020 Open Source Security and Risk Analysis (OSSRA) report discusses findings from the examination of more than 1,250 audited commercial codebases. The report highlights the latest shifts and patterns in the use of open source components in software development and deployment. According to the report, over 90% of commercial codebases contain at least one open source component, with open source making up 70% of the audited code. The most concerning trends observed in the analysis include the continued widespread use of outdated or abandoned open source components, the increasing use of vulnerable open source components, and the prevalence of open source conflicts that put intellectual property at risk. These findings bring further attention to the continued struggle faced by organizations to track and manage the risk posed by open source software and components. This article continues to discuss key findings shared in the 2020 OSSRA report.