Whatever commercial software your company uses, it probably contains open source code. Black Duck Software recently completed its second Open Source Security and Risk Analysis (OSSRA) report based on security audits of anonymized data from more than 1,000 applications in 2016 and found that 96 percent used open source code. The analysis was done by Black Duck’s Center for Open Source Research and Innovation (COSRI).
Organizations of all sizes, in all industries, use open source for good reason: it lowers development costs, speeds time to market, and accelerates innovation. Black Duck’s On-Demand audits found that, on average, open source comprised 36 percent of the code base in the scanned applications.
Excerpts from the COSRI analysis in the infographic below include insights and recommendations to help organizations and their security, risk, legal, and development teams better understand the open source security and license risk landscape.