International Cyber Expo International Cyber Expo
  • About Us
Wednesday, 8 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Synopsys report reveals dramatic growth in open source use

Majority of codebases (84%) contain at least one known open source vulnerability, a nearly 4% increase from last year.

by The Gurus
February 24, 2023
in Featured
open source security
Share on FacebookShare on Twitter

Now in its 8th edition, the Synopsys “Open Source Security and Risk Analysis” (OSSRA) report launched earlier this week. The 2023 OSSRA report examines the results of more than 1,700 audits of commercial and proprietary codebases involved in merger and acquisition transactions and highlights trends in open source usage across 17 industries.

The report delivers an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software with the goal of helping security, legal, risk, and development teams better understand the open source security and license risk landscape. This year’s findings revealed an overwhelming majority of codebases (84%) contain at least one known open source vulnerability, a nearly 4% increase from last year.

The first step toward reducing business risk from open source, proprietary, and commercial code involves a comprehensive inventory of all software a business uses, regardless of where it comes from or how it’s acquired. Only with this complete inventory – a Software Bill of Materials (SBOM) – can organisations establish a strategy to address risk stemming from new security disclosures like Log4Shell.

“The 2023 OSSRA report findings underscore the reality of open source as the underlying foundation of most types of software built today,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “An increase in the average number of open source components rising 13% (from 528 to 595) in this year’s audits further reinforces the importance of implementing a comprehensive SBOM that lists all open source components in your applications as well as their licenses, versions, and patch status. This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks.”

A five-year overview of OSSRA data shows dramatic growth in open source use: The global pandemic contributed to the EdTech sector’s adoption of open source, which grew by 163%, with educational courses and instructor/student interactions increasingly pushed online. Other sectors experiencing a large spike in open source growth include the Aerospace, Aviation, Automotive, Transportation and Logistics sector with a 97% increase and 74% growth in Manufacturing and Robotics.

Since 2019, high risk vulnerabilities in the Retail and eCommerce sector jumped by 557%. Comparatively, the Internet of Things (IoT) sector, with 89% of the total code being open source, saw a 130% increase in high-risk vulnerabilities in the same period. Similarly, the Aerospace, Aviation, Automotive, Transportation and Logistics vertical was found to have a 232% increase in high-risk vulnerabilities.

The report found that 31% of codebases are using open source with no discernible license or with customised licenses. This is a 55% increase from last year’s OSSRA report. The lack of a license associated with open source code, or a variant of another open source license, may place undesirable requirements on the licensee and will often require legal evaluation for possible IP issues or other legal implications.

Of the 1,480 audited codebases that included risk assessments, 91% contained outdated versions of open source components. Unless an organisation keeps an accurate and up to date SBOM, an outdated component can be forgotten until it becomes vulnerable to a high-risk exploit.

“The key to managing open source risk at the speed of modern development is maintaining complete visibility of application contents,” said Mike McGuire, senior software solutions manager within the Synopsys Software Integrity Group. “By building this visibility into the application lifecycle, businesses can arm themselves with the information needed to make informed, timely decisions regarding risk resolution. Organisations leveraging any type of third-party software should rightfully assume that it contains open source. Verifying this, and staying on top of the associated risk, is as simple as obtaining an SBOM – something easily provided by a vendor taking the necessary steps to secure their software supply chain.”

ShareTweet
Previous Post

CyberSmart Raises £12.75m in Series B Funding Round

Next Post

How to address growing API security vulnerabilities in 2023

Recent News

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

July 7, 2026
George Murnane’s One-Question Test for Real AI

George Murnane’s One-Question Test for Real AI

July 7, 2026
Registration Now Open for International Cyber Expo 2026

Registration Now Open for International Cyber Expo 2026

July 7, 2026
Forescout

Forescout recognised by NATO for cybersecurity capabilities across IT and OT environments

July 7, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol