Skip to Content

Synopsys releases OSSRA report

Synopsys releases OSSRA report

Snyopsys releases OSSRA report

SUNNYVALE, Calif. – Synopsys, Inc. just released the ninth edition of its annual “Open Source Security and Risk Analysis” (OSSRA) report.

Research in the report highlights that nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities, Which Synopsys said represents a sharp uptick from the previous year.

In the 2024 OSSRA report, the Synopsys Cybersecurity Research Center (CyRC) analyzes anonymized findings from more than 1,000 commercial codebase audits across 17 industries. The report provides security, development and legal teams with a comprehensive view of the open source landscape, including trends in the adoption and use of open source software as well as the prevalence of security vulnerabilities, and software licensing and code quality risks.

While codebases containing at least one open source vulnerability remained consistent year over year at 84%, significantly more codebases contained high-risk vulnerabilities in 2023. Synopsys stated that this can potentially be attributed to variables like economic instability and the consequent layoffs of tech workers, reducing the number of resources e to patch vulnerabilities.

According to the data, the percentage of codebases with high-risk open source vulnerabilities — those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities — increased from 48% in 2022 to 74% in 2023.

“This year’s OSSRA report indicates an alarming rise in high-risk open source vulnerabilities across a variety of critical industries, leaving them at risk for exploitation by cybercriminals,” said Jason Schmitt, general manager, Synopsys Software Integrity Group. “The increasing pressure on software teams to move faster and do more with less in 2023 has likely contributed to this sharp rise in open source vulnerabilities. Malicious actors have taken note of this attack vector, so maintaining proper software hygiene by identifying, tracking and managing open source effectively is a key element to strengthening the security of the software supply chain.”

Additional key findings from the 2024 OSSRA report include a “zombie code” apocalypse, where organizations keep depending on outdated or inactive open source components, high-risk open source vulnerabilities that permeate across critical industries like the computer hardware and semiconductors industry, open source license challenges, and Improper Neutralization weaknesses.

To learn more about the 2024 OSSRA findings, download a copy of the report online at


To comment on this post, please log in to your account or set up an account now.