2019 OSSRA Infographic: Open Source Trends and Findings

Do you know what’s in your code? Open source can be a great foundation for modern software development. But if you don’t manage it properly, you open yourself up to security, license compliance, and code quality risks.

The 2019 Open Source Security and Risk Analysis report examines audit data from 1,200+ commercial codebases and reveals trends in how organizations are using and managing open source—and where there’s room to improve. Our new infographic shows the most important open source trends from the 2019 OSSRA report. Download the PDF version here.

There’s been a significant uptick in open source adoption:

• 96% of the codebases contained open source components.
• The average codebase contained 298 open source components.
• In 13 out of 17 industries, more than 50% of the average codebase comprised open source.

More vulnerabilities are being disclosed than ever before:

• Over 40% of the codebases contained at least one high-risk vulnerability.
• 60% of the codebases contained at least one vulnerability.
• 7,393 vulnerabilities were added to the Black Duck KnowledgeBase in 2018.

Many organizations are failing to patch/update open source components:

• One codebase contained a high-risk vulnerability that was nearly 30 years old.
• 43% of the codebases contained vulnerabilities over 10 years old.
• 85% of the codebases contained components that were out of date or inactive for at least two years.

License conflicts add to risk:

• 32% of the audited codebases contained custom licenses that could cause conflict or needed legal review.
• 68% of the codebases contained license conflicts.

Numbers were taken from anonymized data on 1,200+ commercial codebases from 17 industries—from aerospace to virtual reality—examined in 2018 in Black Duck Audits.