
AppSec Decoded: Open source trends uncovered in the 2023 OSSRA report

In this episode, we discuss what the OSSRA report tells us about the popularity of open source and the risks it brings.

Software may not be as universal as the air we breathe, but it’s getting close. We all depend on it in multiple ways—if you’re a business, even if you’re not selling a software product, you’re still using it to run your operations.

And most of that software is open source. It’s not only present in nearly every codebase now in use, but it also amounts to an average of about 76% of the components in those codebases.

That’s why you need the annual “Open Source Security and Risk Analysis” (OSSRA) report by the Synopsys Cybersecurity Research Center. You can download a copy of the new eighth edition now for free. As the OSSRA puts it, “Open source is the foundation for every application we rely on today.” That means you need to track and maintain it to protect your organization.

This is the first of two AppSec Decoded conversations focused on the OSSRA report. Mike McGuire, senior software solutions manager with the Synopsys Software Integrity Group, who played a major role in the research and analysis that supports the latest OSSRA report, talks with Taylor Armerding, security advocate at Synopsys. They cover the many benefits of open source that make it so popular, as well as the unique risks it brings, which need to be managed and mitigated.


 
Posted by Synopsys Editorial Team

