Open source security risks persist in commercial software [Infographic]

Black Duck’s second annual Open Source Security and Risk Analysis report shows that commonly used infrastructure components have high-risk vulnerabilities.

Whatever commercial software your company uses, it probably contains open source code. Black Duck Software recently completed its second Open Source Security and Risk Analysis (OSSRA) report based on security audits of anonymized data from more than 1,000 applications in 2016 and found that 96 percent used open source code. The analysis was done by Black Duck’s Center for Open Source Research and Innovation (COSRI).

Organizations of all sizes, in all industries, use open source for good reason. It lowers development costs, speeds time to market, and accelerates innovation. Black Duck’s On-Demand audits found that on average, open source comprised 36 percent of the code base in the scanned applications.

Applications have become dependent on some open source components. By far the most popular is jQuery, which makes it easier to use JavaScript on websites. It was present in 58 percent of audited applications. The ubiquity of such components makes them targets for attacks from those seeking to exploit security vulnerabilities.

Excerpts from the COSRI analysis in the infographic below include insights and recommendations to help organizations and their security, risk, legal, and development teams better understand the open source security and license risk landscape.

[Infographic: Black Duck open source chart. Credit: Black Duck Software]

Stories by Michael Nadeau