Synopsys Study Shows 91% of Commercial Applications Contain Outdated or Abandoned Open Source Components
Synopsys released the 2020 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), which examines the results of more than 1,250 audits of commercial codebases performed by the Black Duck Audit Services team. The report highlights trends and patterns in open source usage within commercial applications, and provides insights and recommendations to help organizations better manage open source risk from a security, license compliance, and operational perspective.
The 2020 OSSRA report reaffirms the critical role that open source plays in today's software ecosystem, revealing that effectively all (99 percent) of the codebases audited over the past year contain at least one open source component, with open source comprising 70 percent of the code overall. More notable is the continued widespread use of aging or abandoned open source components, with 91 percent of the codebases containing components that either were more than four years out of date or had seen no development activity in the last two years.