Vulnerabilities Detected in 86% of Open Source Software Codebases


Unlocking Insights from the 2025 Open Source Security and Risk Analysis Report: Key Vulnerabilities and Best Practices

Security Risks in Open Source Software: A Wake-Up Call for Developers

The latest annual Open Source Security and Risk Analysis (OSSRA) report from Black Duck highlights alarming vulnerabilities within commercial codebases, revealing that 86% are affected by open source software risks. Analyzing 1,658 codebases across 16 industries, the report found that a staggering 81% of these applications harbor high- or critical-risk vulnerabilities.

The surge in open source files was particularly concerning; the average application in 2024 contained more than 16,000 open source files—up from just 5,300 in 2020. This trend indicates a growing reliance on open source components without adequate scrutiny of their security implications. The most prevalent vulnerabilities were linked to outdated versions of jQuery, showing that 43% of applications scanned contained this widely-used JavaScript library, often in its most vulnerable forms.

Mike McGuire, Senior Manager at Black Duck, emphasized the critical need for improved open source dependency management, stating, “Blind spots are prevalent… as industries demand greater supply chain visibility.”

The risks extend beyond vulnerabilities alone. According to the findings, 90% of audited codebases contained components that were more than four years out of date, potentially widening the attack surface for malicious actors. With only 27% of dependencies included directly, and 77% sourced through package managers, many organizations lack visibility into the full extent of their dependency tree and the security exposure it carries.

Industry experts echo the urgency of these findings. Eric Schwake from Salt Security warned of the systemic risks posed by outdated software, while Jason Soroko of Sectigo urged teams to rethink their security strategies as traditional scanning methods miss a significant number of dependencies.
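To make the visibility gap described in the two paragraphs above concrete, here is an added example (not from the report or from Black Duck) that walks a constructed, lockfile-style dependency snapshot, separates the directly declared components from the transitive ones that a manifest-only scan would miss, and flags any installed version more than four years old. The package names, versions and release dates are constructed sample values, not data from the report.

```python
"""Dependency visibility check: direct vs. transitive components, plus an
age-based staleness flag. Added example; the snapshot below is constructed."""
from datetime import date, timedelta

# Constructed package-lock-style snapshot. Each entry records the installed
# version, its (constructed) release date and the packages it pulls in.
LOCKFILE = {
    "root":        {"deps": ["web-ui", "http-client"]},  # the application's own manifest
    "web-ui":      {"version": "1.2.0",  "released": date(2019, 3, 1),
                    "deps": ["jquery"]},
    "http-client": {"version": "4.0.1",  "released": date(2024, 6, 10),
                    "deps": ["tls-shim"]},
    "jquery":      {"version": "1.12.4", "released": date(2016, 5, 20),
                    "deps": []},
    "tls-shim":    {"version": "0.9.0",  "released": date(2023, 1, 15),
                    "deps": []},
}


def classify(lock, root="root"):
    """Return (direct, transitive) package-name sets reachable from `root`."""
    direct = set(lock[root]["deps"])
    seen, stack = set(), list(direct)
    while stack:                      # depth-first walk of the dependency graph
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        stack.extend(lock[name]["deps"])
    return direct, seen - direct


def stale(lock, today, years=4, root="root"):
    """Names of components whose installed version is older than `years`."""
    cutoff = today - timedelta(days=365.25 * years)   # avoids the Feb-29 edge case
    return sorted(n for n, meta in lock.items()
                  if n != root and meta["released"] < cutoff)


def visibility_report(lock, today, root="root"):
    """Summarise how much of the tree a manifest-only view would actually cover."""
    direct, transitive = classify(lock, root)
    total = len(direct) + len(transitive)
    return {"direct": sorted(direct), "transitive": sorted(transitive),
            "direct_share": len(direct) / total if total else 0.0,
            "stale": stale(lock, today, root=root)}


if __name__ == "__main__":
    print(visibility_report(LOCKFILE, date(2025, 2, 1)))
```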

The report serves as a critical reminder for developers to meticulously evaluate their open source usage and prioritize patch management, ensuring both compliance and security in an era where the stakes have never been higher.
