All industries studied contained a high percentage of open source
Three of the 17 industry sectors represented in the 2023 OSSRA report—Aerospace, Aviation, Automotive, Transportation, Logistics; EdTech; and Internet of Things—contained open source in 100% of their audited codebases. The remaining verticals had open source in upwards of 92% of their codebases.
Despite economic uncertainty, audit numbers remained strong
- A total of 1,703 codebases were audited by Synopsys during 2022, of which 96% contained open source.
The Synopsys Audit team conducts audits of thousands of codebases for customers each year, with the primary aim of identifying a range of software risks during M&A transactions. Despite 2022’s economic ambiguity and a corresponding slowdown in tech M&As, audit numbers remained promisingly strong.
Organizations aren’t fixing high-risk vulnerabilities
- Since 2019, all 17 industries in the OSSRA have seen at least a 42% increase in high-risk vulnerabilities, with increases skyrocketing to +557% in the Retail and eCommerce sectors, and +317% in the Computer Hardware and Semiconductors industry.
New this year, a five-year look-back provided a broader view of open source and security trends. The total percentage of open source in audited codebases by industry, though varied, increased across the board. The same is true for vulnerabilities, where certain industries showed concerning jumps in vulnerabilities, indicating a lack of vulnerability mitigation activity.