close search bar

Sorry, not available in this language yet

close language selection

2024 Open Source Security and Risk Analysis Report

The annual “Open Source Security and Risk Analysis” (OSSRA) report, now in its ninth edition, examines vulnerabilities and license conflicts found in over 1,000 codebases across 17 industries. The report offers recommendations to help security, legal, risk, and development teams better understand open source security and the license risk landscape, especially in the context of securing the software supply chain.

Open Source Security and Risk Analysis Report

Open Source Is Everywhere

With the prevalence of open source and the rise in AI-generated code, more applications are now built with third-party code. Open source has become so interconnected with modern development that security and development teams struggle to identify all the components in their software.

96% of total codebases contain open source
77% of all code in the total codebases originated from open source
84% of codebases contained at least one open source vulnerability
54% increase in codebases containing high-risk vulnerabilities

High-Risk Vulnerabilities Are on the Rise 

Although the overall percentage of codebases containing security vulnerabilities remained the same as the previous year, the severity of those vulnerabilities increased a staggering 54% for codebases containing high-risk vulnerabilities.

Open Source Code Needs Updating

Forty-nine percent of codebases examined contained open source that had no new development in the last two years. Additionally, 91% of the 900+ risk-assessed codebases contained components 10 versions or more behind the most current version, indicating that open source consumers need to improve their maintenance practices.  

49% of codebases that had risk assessments contained open source that had no new development in the last two years

Download the Report

2024 OSSRA Report

Get a deep dive into the state of open source security, licensing, code quality, and maintenance risk

Open Source Security and Risk Analysis Report | Synopsys

Download the report now