Your open source security problem is worse than you think

Sixty-seven percent of applications reviewed by Black Duck Software contained known open source security vulnerabilities.


The 200 applications reviewed by Black Duck Software for its "State of Open Source Security in Commercial Applications" report used an average of 105 open source components, comprising 35% of the code. That's twice as much open source as the companies participating in Black Duck's audits were aware they used, according to the report.

With this in mind, the report's findings, summarized in the infographic below, are cause for even greater concern.

Among the highlights:

  • Over half (67%) of applications reviewed contain known open source security vulnerabilities
  • 39.5% of the open source vulnerabilities in each application were rated as “severe”
  • 10% of applications reviewed contained the popular and now well-known Heartbleed vulnerability

This infographic, based on the Black Duck report, offers valuable insights into the state of open source security.
