Today, open-source code is everywhere: 99% of all codebases contain open-source code, and anywhere from 85% to 97% of enterprise codebases come from open source. In practice, that means the vast majority of our applications consist of code we did not write. So the question isn’t whether our applications run on open-source code, but how much of it they run, and in which applications specifically.
Vulnerabilities in third-party or open-source dependencies can put any application in any organization at risk, but for mission-critical software, and for the software supply chain in particular, the threat and its possible security impact are greater than we may have assumed.