In this episode of AppSec Decoded, we discuss the major open source trends identified within the 2021 OSSRA report.
The explosive growth of open source is not new. Developers have been using this collaborative method of building software applications to meet the market demands for quality and speed for many years.
Synopsys has conducted research on trends in open source usage with commercial applications since 2015. It releases an annual report of its findings with the aim of helping developers better understand the interconnected software ecosystem they work in. The 2021 “Open Source Security and Risk Analysis” (OSSRA) report examines more than 1,500 audits of commercial codebases across 17 industries.
Key takeaways from this year’s OSSRA report
In this episode of AppSec Decoded, Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC), discusses some key aspects to look at in the 2021 OSSRA report. This year, several findings were notable:
- Growth of the number of components within a codebase
- Several CVEs increasing in prevalence
- Open source code vulnerabilities trending in the wrong direction (up 9% from last year)
- Outdated open source components in commercial software are the norm (85%)
Watch the AppSec Decoded interview with Tim Mackey to learn more.
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/appsec-decoded-ossra-open-source-findings/