2021 OPEN SOURCE SECURITY AND RISK ANALYSIS REPORT


Now in its sixth year, the 2021 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more than 1,500 codebases across 17 industries. The report includes recommendations to help developers and consumers understand the software ecosystem they are a part of, as well as the risks accompanying open source development and use.

OPEN SOURCE IS ON THE RISE...

As the role of developers has grown more vital, so has the prominence of open source code. Today, open source libraries are the foundation for every application in every industry. Open source is so prevalent that many code owners aren’t aware of all the open source components in their software.

[Chart: average number of open source components per application]
  • 2016: an average of 84 open source components per app
  • 2020: an average of 528 open source components per app
  • 259% increase over 5 years

...AS ARE VULNERABILITIES

As the use of open source has grown, unfortunately so has the number of vulnerabilities. This year’s report shows a 9% increase in vulnerabilities from the previous year—the second-highest year-on-year increase in the report’s six-year history. This trend indicates that more and more software is at risk across every industry.

...AND HIGH-RISK VULNERABILITIES

Paralleling the increase in vulnerabilities is the increase in high-risk vulnerabilities. This year’s report shows an 11% increase from the previous year. The majority of these have been in the code for more than two years and have documented solutions available.

[Chart: vulnerabilities in codebases]
  • Percentage of codebases containing at least one vulnerability
  • Percentage of high-risk vulnerabilities per codebase

KEY INDUSTRIES DURING COVID WERE VULNERABLE

Several industries saw exponential growth in revenue during the past year, largely due to market and societal changes during COVID. This year’s report reveals a correlation between these industries, their use of open source in their applications, and the vulnerabilities found in that code. In fact, these high-growth industries had the largest number of vulnerabilities and high-risk vulnerabilities.

[Chart by industry]
  • Retail and E-Commerce: almost 80%
  • Healthcare, Health Tech, Life Sciences: almost 70%
  • Enterprise Software/SaaS: more than 60%
  • EdTech: more than 50%

2021 OSSRA Report: A deep dive into the state of open source security, licensing, code quality, and maintenance risk