41% of cyber-security apps contain high-risk open source vulnerabilities

Open source adoption in the enterprise is growing fast, but statistics regarding open source vulnerabilities in codebases are also rising

Analysing anonymised data from more than 1,100 commercial codebases, the researchers found that 96 percent of the applications audited across 2017 contained open source components. The report, which covers industries from automotive to healthcare, financial services to manufacturing, and even cyber-security, reckons this reflects a 75 percent growth in open source adoption over the previous year. Indeed, the research suggests that most applications now contain more open source code than they do proprietary code, which is all good news for fans of open source. The less good news is that 78 percent of the audited codebases contained at least one open source vulnerability. More worrying is that 54 percent of these vulnerabilities were considered to be high-risk, and 17 percent were very well-publicised ones such as FREAK, Heartbleed and POODLE.

