International Cyber Expo International Cyber Expo
  • About Us
Saturday, 11 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Synopsys Study reveals increase in Vulnerable, Outdated, and Abandoned Open Source Components in Commercial Software

Open source security, license compliance, and maintenance issues are prevailing in every industry sector

by The Gurus
April 13, 2021
in Featured, News, Press Releases, Research, Security News
Latest Version Of Synopsys’ BSIMM10 Study Highlights The Impact Of DevOps On Software Security.
Share on FacebookShare on Twitter

Synopsys, Inc. has released its 2021 Open Source Security and Risk Analysis (OSSRA) report, which examines the result of more than 1,500 audits of commercial codebases. Produced by  the Synopsys Cybersecurity Research Center (CyRC) and performed by the Black Duck® Audit Services team, the report highlights trends in open source usage within commercial applications, while simultaneously providing insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It also presents the widespread risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues. 

Open source software provides the foundation for the vast majority of applications across all industries. Unfortunately, these industries, to varying degrees, are struggling to manage the associated risk. As a matter of fact, the study unveiled that 100% of the companies audited in the marketing tech industry sector, including lead generation CRM, and social media, contained open source in their codebases while 95% of the marketing tech codebases contained open source vulnerabilities. On top of this, a staggering 67% of codebases within the healthcare sector, 60% of codebases within the financial services/fintech sector and 71% of codebases within the retail and e-commerce sector also contained vulnerabilities within their open source. 

More alarmingly, the report underscores the widespread use of abandoned open source components: 91% of the codebases contained open source dependencies that had not been developed for the last two years; this means no code improvements and no security fixes. According to Tim Mackey principal security strategist with the Synopsys Cybersecurity Research Center this, however, is “not surprising”. He claims that, “unlike commercial software, where vendors can push information to their users, open source relies on community engagement to thrive.” Disregarded projects aren’t a new problem. The problem lies with addressing the security issues within these unattended projects, as they become increasingly harder to deal with. Even so, Mackey believes that the solution is quite simple – “invest in supporting those projects you depend upon for your success.” 

A new norm: Outdated open source components in commercial software 

85% of the codebases contained open source dependencies that were more than four years out-of-date. While these outdated open source components have active developer communities who publish updates and security patches, these are not being applied by their downstream commercial consumers. As a result, the outdated components can lead to unwieldy technical debt in the form of functionality and compatibility issues that can interfere with future updates. 

Open source vulnerabilities are becoming increasingly pervasive  

In 2020, the percentage of codebases containing vulnerable open source components saw an astounding 9% increase from the year before. Correspondingly, the percentage of codebases containing high-risk vulnerabilities rose from 49% to 60%. In fact, several of the top 10 open source vulnerabilities that were found in codebases in 2019 reappeared in the 2020 audits, although sporting significant percentage increases. 

Open source and licensing 

In 2020 65% of the codebases audited contained open source software license conflicts. These typically involved the GNU General Public License. Surprisingly, 26% of these codebases were using open source with either no license or a customized license. This could lead to possible intellectual property infringement along with other legal concerns. Therefore, especially in the context of merger and acquisition transactions, all three of these issues need to be thoroughly evaluated to avoid potential conflict. 

ShareTweet
Previous Post

Promising news: users are becoming more savvy to COVID-19 based phishing attacks finds KnowBe4

Next Post

FBI removed web shells from Exchange Servers without consent

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol