This year, the 2023 OSSRA took a five-year look back at the data used for the report with the goal of identifying notable trends, some of which were surprising. Since 2019, for example, the number of high-risk vulnerabilities jumped as much as 557% in the retail and eCommerce sector. Likewise, the aerospace, aviation, automotive, transportation, and logistics sector saw a massive 232% increase in high-risk vulnerabilities.
Since 2019, 100% of the codebases from the Internet of Things (IoT) sector contained some amount of open source. The total amount of open source in each codebase has also increased over the years, up 35% since 2019, with 89% of the total code being open source code.
The IoT is an ideal representation of the benefits of open source; IoT organizations (for example, the smart devices offered by Ring, Amazon, and Nest) are under extreme pressure to produce new software, fast. In a fast-paced industry with strong competition, open source helps organizations remain quick on their feet—without it, they couldn’t keep up with the breakneck pace that software development demands.
The downside is the risk of introducing vulnerabilities. The IoT vertical has seen a 130% increase in high-risk vulnerabilities since 2019, and this year, 53% of its audited applications contained high-risk vulnerabilities (one of the higher percentages in OSSRA’s findings). This is particularly concerning when you think about the ubiquity of IoT devices and how so many aspects of our lives are connected to these devices. IoT devices power our lights on automated schedules, meaning they contain data about when we are home and when we are out. We use cameras that contain images of the inside of our homes, smart locks on our front doors, and baby monitors to watch over our children.
See the full 2023 OSSRA report for more details on open source trends from the past five years.