Your open source security problem is worse than you think

Sixty-seven percent of applications reviewed by Black Duck Software contained known open source security vulnerabilities.

The 200 applications reviewed by Black Duck Software for its "State of Open Source Security in Commercial Applications" report used an average of 105 open source components, comprising 35% of the code. That's twice as much open source as the companies participating in Black Duck's audits were aware they used, according to the report.

With this in mind, the report's findings, summarized in the infographic below, are cause for even greater concern.

Among the highlights:

  • Over half (67%) of applications reviewed, contain known open source security vulnerabilities
  • 39.5% of the open source vulnerabilities in each application were rated as “severe"
  • 10% of applications reviewed contained the popular and now well-known Heartbleed vulnerability

This infographic, based on the Black Duck report, offers valuable insights into the state of open source security.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)