In this episode of AppSec Decoded, we discuss the compelling open source trends uncovered in this year’s OSSRA report.
Open source is everywhere. The 7th edition of the “Open Source Security and Risk Analysis” (OSSRA) report, published last week, found that 97% of the 2,400+ audited codebases contained open source. This shouldn’t come as a surprise. At a time when developers are under immense pressure to deliver code faster, open source offers the speed and flexibility needed to meet production demands.
The 2022 OSSRA report also noted some compelling trends in the state of open source security risk management, including a substantial decrease in codebases containing license conflicts, down 65% from 2020.
And the negative trends? Well, there’s still work to be done when it comes to managing open source risk. The 2022 OSSRA report noted that the percentage of codebases containing CVE-2022-11023 and CVE-2020-11022 rose to 43%, suggesting that DevSecOps teams are still struggling to stay on top of known vulnerabilities.
Watch our latest episode of AppSec Decoded as Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys Software Integrity Group, discuss the open source trends discovered in this year’s report and what organizations can do to improve their efforts around open source management.