Most open source software has security vulnerabilities

Audit highlights flaws in security across wide range of open source applications

Open Source

An audit of more than a thousand applications containing open source code has found that 60% of them have some kind of security vulnerability.

Open source security firm Black Duck analysed 1,017 applications for its 2017 Open Source Security and Risk Analysis (OSSRA), and found that 96% of the apps contained open source code and more than 60% of the apps contained open source security vulnerabilities. 

The survey also looked at applications used in the financial sector, discovering that, on average, they contained 52 open source vulnerabilities per application, with 60% of the applications containing high risk vulnerabilities. The retail and e-commerce industry had the highest proportion of applications with high-risk open source vulnerabilities, with 83% of audited applications containing high-risk vulnerabilities.

Black Duck CEO Lou Shipley called the findings an "eye opener" for security professionals, because the application layer is a primary target for hackers. "Exploits of open source vulnerabilities are the biggest application security risk that most companies have," he said.

Advertisement - Article continues below
Advertisement - Article continues below

Chris Fearon, director at Black Duck's open source security research group, COSRI's security research arm, said that while many are using open source, very few are doing an adequate job detecting, remediating and monitoring open source vulnerabilities in their applications.

"The COSRI analysis of the audits clearly demonstrates that organisations in every industry have a long way to go before they are effective in managing their open source," he said.

The report also showed that open source licence conflicts were also found to be widespread in the audited applications, with 85% of audited applications containing components with license conflicts. The most common challenges were general public license (GPL) GPL violations, with 75% of applications containing components under the GPL family of licenses, but only 45% of those applications in compliance with GPL obligations.

"Open source use is ubiquitous worldwide and recent research reports show that between 80% and 90% of the code in today's apps is open source. This isn't surprising because open source is valuable in lowering dev costs, accelerating innovation and speeding time to market. Our audits confirmed the universal use, but also revealed troubling levels of ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges," added Shipley.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now


operating systems

Best Linux distros 2019

24 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

IBM doubles down on Red Hat independence

10 Jul 2019

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020