Report: Overwhelming majority of codebases have open source vulnerabilities, half deemed high-risk

February 22, 2023 – Published on SC Magazine

Despite the industry’s increasing focus on software supply chain security, the overwhelming majority of organizations’ software codebases still contain high-risk open source vulnerabilities, according to a new report from Synopsys.

The company, which provides application security services, said in its annual Open Source Security and Risk Analysis (OSSRA) report that among the 1,703 codebases across 17 industries examined in 2022, 84% of codebases contained at least one known open source vulnerability, and nearly half (48%) of those were considered high-risk.

Log4j was just one of many vulnerabilities highlighting how a growing number of organizations have adopted free open source code without a proper vulnerability management process, leaving them ripe for potential exploitation.

Kristen Bell, director of application security engineering at GuidePoint Security, said organizations should eliminate some of the “tail wagging the dog” by maturing their current vulnerability management process and standards to address the persistent threat of open source vulnerabilities.