Open source rules. Everyone from Apple to Microsoft to Zoom uses it. Don't believe me?
Synopsys, a software and silicon design company, which also covers intellectual property, reported in its 2020 Open Source Security and Risk Analysis (OSSRA) report that nearly all (99%) of audited codebases contained at least one open-source component. That's good news. The bad news is 91% of the codebases containing components were either more than four years out of date or had seen no development activity in the last two years.
Not good. Underlining how disturbing this is, Synopsys Cybersecurity Research Center (CyRC) found that open source made up 70% of all. That's a lot of aged and abandoned open-source software. Old software, unlike fine wine, does not age well.
The report is based on the results of over 1,250 commercial codebase audits. Even more worrying is that 75% of audited codebases contain open-source components with known security vulnerabilities. That's up from 60% in 2019. Almost half (49%) of the codebases contained high-risk vulnerabilities. That's up from 40% last year.