Vulnerabilities Detected in 86% of Open Source Software Codebases

Published:

spot_img

Unlocking Insights from the 2025 Open Source Security and Risk Analysis Report: Key Vulnerabilities and Best Practices

Security Risks in Open Source Software: A Wake-Up Call for Developers

The latest annual Open Source Security and Risk Analysis (OSSRA) report from Black Duck highlights alarming vulnerabilities within commercial codebases, revealing that 86% are affected by open source software risks. Analyzing 1,658 codebases across 16 industries, the report found that a staggering 81% of these applications harbor high- or critical-risk vulnerabilities.

The surge in open source files was particularly concerning; the average application in 2024 contained more than 16,000 open source files—up from just 5,300 in 2020. This trend indicates a growing reliance on open source components without adequate scrutiny of their security implications. The most prevalent vulnerabilities were linked to outdated versions of jQuery, showing that 43% of applications scanned contained this widely-used JavaScript library, often in its most vulnerable forms.

Mike McGuire, Senior Manager at Black Duck, emphasized the critical need for improved open source dependency management, stating, “Blind spots are prevalent… as industries demand greater supply chain visibility.”

The risks extend beyond just vulnerabilities. According to the findings, 90% of audited codebases contained components that were over four years out of date, potentially widening the attack surface for malicious actors. With only 27% of dependencies included directly and a mere 77% sourced through package managers, many organizations are blind to the full scope of their security landscape.

Industry experts echo the urgency of these findings. Eric Schwake from Salt Security warned of the systemic risks posed by outdated software, while Jason Soroko of Sectigo urged teams to rethink their security strategies as traditional scanning methods miss a significant number of dependencies.

The report serves as a critical reminder for developers to meticulously evaluate their open source usage and prioritize patch management, ensuring both compliance and security in an era where the stakes have never been higher.

spot_img

Related articles

Recent articles

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India’s Largest Plant on Dark Web

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India's Largest Plant on Dark Web A significant cybersecurity breach has emerged involving the Kudankulam Nuclear Power...

Australia-India PACTS Advances Cybersecurity and Technology Cooperation

Australia-India PACTS Advances cybersecurity and Technology Cooperation Australia and India have launched the Australia-India Partnership on Cyber, Critical Technologies, and Supply Chains (PACTS), a strategic...

Microsoft’s July Patch Tuesday Unveils Critical Exploits Amidst 622 Vulnerabilities

Microsoft's July Patch Tuesday Unveils Critical Exploits Amidst 622 Vulnerabilities Microsoft's recent Patch Tuesday has revealed significant vulnerabilities, with two of them already being exploited...

Enshi Suobuya Stone Forest Boosts Cultural Experiences for Southeast Asian Tourists

Enshi Suobuya Stone Forest Boosts Cultural Experiences for Southeast Asian Tourists ENSHI, CHINA - As China continues to refine its inbound visa-free policies, the Suobuya...