- Almost every application that you use today contains open-source components, and 91% use libraries that are out of date or that have been abandoned altogether.
- According to a new study, the use of open-source software components is still the basis for development. 7 out of 10 lines of code in the average application come from an open-source project.
According to a new risk assessment study led by Synopsys’s Cybersecurity Research Center, almost every application that you use today contains open-source components, and 91% use libraries that are out of date or that have been abandoned altogether.
The study also found that the use of open-source software components is still the basis for development. 7 out of 10 lines of code in the average application come from an open-source project.
The average program has 445 open-source components, a 49% increase over the previous year’s findings, and 91% of applications use at least one component that is either outdated by four or more years or has been abandoned, going two or more years without any development activity, according to the study.
Serious security concerns coming from open-source software
Open-source usage quotas
The security of open-source software is one of the top 3 most important security concerns for application-security teams, simply because open-source components play a critical role in the software development cycles in almost every industry.
As expected, the Internet and software infrastructure sector uses 83% of the open-source codebases, first on the list, followed by manufacturers of Internet of Things (IoT) devices.
The telecommunications and wireless industry uses 46%, the smallest share of open-source components, while the robotics, manufacturing, and industrial control systems sectors use half.
The most popular open-source components
2. Bootstrap: a CSS framework directed at responsive, mobile-first front-end web development
3. Font Awesome: a font and icon toolkit
5. jQuery UI: a collection of GUI widgets, animated visual effects, and themes
Open-source components vulnerabilities
The real problem, the report found, is that most components include open-source components that have vulnerabilities. Three-quarters of open-source components have a known vulnerability, and half have a critical flaw.
Another problem is licensing: 68% of codebases have some form of license conflict, says Synopsys.
The OSSRA report is based on Synopsys’s auditing of 1,253 applications, and the company’s assessment of open-source codebases from 20,000 sources.