Open source software security was analyzed in a recent report by Synopsys. According to the report, nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities.
While codebases containing at least one open source vulnerability remained consistent year over year at 84%, significantly more codebases contained high-risk vulnerabilities in 2023. According to the data, the percentage of codebases with high-risk open source vulnerabilities — those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities — increased from 48% in 2022 to 74% in 2023.