Home Article Synopsys releases OSSRA report

Synopsys releases OSSRA report

By SSN Staff

Updated 2:48 PM CST, Tue February 27, 2024

SUNNYVALE, Calif. – Synopsys, Inc. just released the ninth edition of its annual “Open Source Security and Risk Analysis” (OSSRA) report.

Research in the report highlights that nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities, Which Synopsys said represents a sharp uptick from the previous year.

In the 2024 OSSRA report, the Synopsys Cybersecurity Research Center (CyRC) analyzes anonymized findings from more than 1,000 commercial codebase audits across 17 industries. The report provides security, development and legal teams with a comprehensive view of the open source landscape, including trends in the adoption and use of open source software as well as the prevalence of security vulnerabilities, and software licensing and code quality risks.

While codebases containing at least one open source vulnerability remained consistent year over year at 84%, significantly more codebases contained high-risk vulnerabilities in 2023. Synopsys stated that this can potentially be attributed to variables like economic instability and the consequent layoffs of tech workers, reducing the number of resources e to patch vulnerabilities.

According to the data, the percentage of codebases with high-risk open source vulnerabilities — those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities — increased from 48% in 2022 to 74% in 2023.

“This year’s OSSRA report indicates an alarming rise in high-risk open source vulnerabilities across a variety of critical industries, leaving them at risk for exploitation by cybercriminals,” said Jason Schmitt, general manager, Synopsys Software Integrity Group. “The increasing pressure on software teams to move faster and do more with less in 2023 has likely contributed to this sharp rise in open source vulnerabilities. Malicious actors have taken note of this attack vector, so maintaining proper software hygiene by identifying, tracking and managing open source effectively is a key element to strengthening the security of the software supply chain.”

Additional key findings from the 2024 OSSRA report include a “zombie code” apocalypse, where organizations keep depending on outdated or inactive open source components, high-risk open source vulnerabilities that permeate across critical industries like the computer hardware and semiconductors industry, open source license challenges, and Improper Neutralization weaknesses.

To learn more about the 2024 OSSRA findings, download a copy of the report online at www.synopsys.com.

Related Articles

Inovonics to feature Inovonics Cloud Services software at ISC West, booth #3103

Investing Now Makes the Rest of the Year Less Taxing. Literally.

WeSuite’s Tracy Larson Shares How Speed and Accuracy Grow Sales Organizations

Four Ways Your Sales Process Defines Company Growth & Profitability

ADT – Knoxville, TN Receives TMA Five Diamond Monitoring Center Designation

Vitaprotech announces Delphine Guerrier as CEO EMEA

ALCEA and LRG Inc. announce security partnership

Iowa’s East Union Community School District to deploy ZeroEyes

Paladin Technologies launches ULC-certified monitoring station

Secure Logiq launches new website

Vince DiValerio retires after 48-year career with Vector Security

RapidFire acquires Albuquerque Low Voltage

Nice launches smart garage door opener and new mobile app

Everon’s ‘momentum is real,’ says CEO Dan Bresingham

SMS 2FA out at Twitter for non-subscribers

KPMG joins forces with Vectra AI to reduce hybrid cloud cyber risk

Comments

To comment on this post, please log in to your account or set up an account now.

Synopsys releases OSSRA report

Sponsored Stories

Related Articles