74 percent of codebases have high-risk open source vulnerabilities

No Comments

The percentage of codebases with high-risk open source vulnerabilities -- those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities -- increased from 48 percent in 2022 to 74 percent in 2023, according to new research.

The Open Source Security and Risk Analysis (OSSRA) report from Synopsys is based on findings from more than 1,000 commercial codebase audits across 17 industries. While codebases containing at least one open source vulnerability remain consistent year-on-year at 84 percent, significantly more codebases contained high-risk vulnerabilities in 2023.

"This year's OSSRA report indicates an alarming rise in high-risk open source vulnerabilities across a variety of critical industries, leaving them at risk for exploitation by cybercriminals," says Jason Schmitt, general manager of the Synopsys Software Integrity Group. "The increasing pressure on software teams to move faster and do more with less in 2023 has likely contributed to this sharp rise in open source vulnerabilities. Malicious actors have taken note of this attack vector, so maintaining proper software hygiene by identifying, tracking and managing open source effectively is a key element to strengthening the security of the software supply chain."

Among other findings are that 91 percent of codebases contain components that are 10 or more versions out-of-date, and nearly half (49 percent) of codebases contain components that have had no development activity within the past two years.

Broken down by industry, the computer hardware and semiconductors sector has the highest percentage of codebases with high-risk open source vulnerabilities (88 percent), followed closely by manufacturing, industrials and robotics at 87 percent. Closer to the middle of the pack, the big data, AI, BI and machine Learning industry had 66 percent of its codebases impacted by high-risk vulnerabilities. At the bottom of the list, the aerospace, aviation, automotive, transportation and logistics industry still has high-risk vulnerabilities in 33 percent of its codebases.

You can get the OSSRA report from the Synopsys site.

Image credit: lightsource/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

How threat intelligence can improve vulnerability management outcomes

Ubuntu Linux-based Voyager 24.04 LTS unites GNOME and Xfce

Kioxia unveils TransMemory U304 USB flash drive

Microsoft and Estée Lauder transform the beauty industry with AI

Microsoft and IBM open source MS-DOS 4.00

Software file converters: How they work and why you need them

Human risk management automation can help beat burnout

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.