2021 Open Source Security & Risk Analysis Report
Now in its sixth year, the 2021 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more than 1,500 codebases across 17 industries. The report includes recommendations to help developers and consumers understand the software ecosystem they are a part of, as well as the risks accompanying open source development and use.
As the role of developers has grown more vital, so has the prominence of open source code. Today, open source libraries form the foundation of applications in every industry. Open source is so prevalent that many code owners are not aware of all the open source components in their software, which means they cannot track the vulnerabilities or license obligations those components carry.
Average number of open source components per application: 84 in 2016, 528 in 2020.
As the use of open source has grown, unfortunately so has the number of vulnerabilities. This year's report shows a 9% increase in vulnerabilities from the previous year, the second-highest year-on-year increase in the report's six-year history. This trend indicates that more and more software is at risk across every industry.
Paralleling the increase in vulnerabilities is the increase in high-risk vulnerabilities, which grew 11% over the previous year. The majority of these vulnerabilities have been present in the codebases for more than two years and have documented fixes available, so the risk stems from unpatched, unmonitored components rather than from newly discovered flaws.
Several industries saw rapid growth in revenue during the past year, largely due to market and societal changes brought on by the COVID-19 pandemic. This year's report reveals a correlation between these industries and both the use of open source in their applications and the vulnerabilities found there. In fact, these high-growth industries had the largest number of vulnerabilities and high-risk vulnerabilities.
2021 OSSRA Report
A deep dive into the state of open source security, licensing, code quality, and maintenance risk