Report: 86% Of Codebases Contain Vulnerable Open Source Components
SC Media, Monday, February 24th, 2025
The use of high-risk and outdated open source software (OSS) components is a widespread problem, according to a Black Duck report that revealed 86% of analyzed codebases contained vulnerable open source components.
The 2025 Open Source Security and Risk Analysis (OSSRA) Report, published Tuesday, is based on analyses by Black Duck Audit of 965 commercial codebases across 16 industries, with 901 analyzed for vulnerabilities and operational risk.
OSS was ubiquitous, with 97% of codebases containing open source components. Additionally, the average number of open source files in an application was found to have tripled since 2020, jumping from 5,386 to 16,082.