The 2022 Open Source Security and Risk Analysis (OSSRA) report provides an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software. Open source is ubiquitous, and managing it responsibly is essential to software security. Businesses should create a comprehensive inventory of the software they use, known as a software Bill of Materials (SBOM), to identify and track open source code and to automate open source policy enforcement. Prompt identification and mitigation of high-risk vulnerabilities helps teams address the risks that pose the greatest threat to their organizations, and understanding license risk is important to avoid conflicts.
Data from the Synopsys Cybersecurity Research Center (CyRC) reveals that the majority of codebases scanned in 2021 contained open source, with 81% containing at least one known open source vulnerability. Open source license conflicts were found in 53% of the 2021 audited codebases, with the Computer Hardware and Semiconductors sector having the highest rate at 93%. The 2022 OSSRA report provides key recommendations to help developers and consumers better understand the open source ecosystem and manage open source responsibly.
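The recommendations above (keep an SBOM, automate policy enforcement, surface high-risk vulnerabilities first, and check for license conflicts) can be turned into a single automated gate. The following is an added example written for this summary, not code from the OSSRA report or from Synopsys: it reads a constructed, minimal CycloneDX-style SBOM, compares each component against a constructed advisory list and a constructed license policy, and reports only the findings that breach the policy. The component names, versions, license rules, advisory identifiers and severities are all assumptions made up for the example.

```python
import json
from dataclasses import dataclass

# Constructed SBOM in a minimal CycloneDX-style JSON shape (assumption for this example).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"name": "libfoo", "version": "1.2.3", "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "libbar", "version": "0.9.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"name": "libbaz", "version": "2.0.1", "licenses": []}
  ]
}
"""


@dataclass
class Component:
    name: str
    version: str
    licenses: list  # SPDX identifiers declared in the SBOM; empty means undeclared


@dataclass
class Advisory:
    name: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive); "" means no fix published
    severity: str
    ident: str       # placeholder identifier, not a real CVE


# Constructed advisory feed (placeholder identifiers, not real vulnerabilities).
ADVISORIES = [
    Advisory("libfoo", "1.0.0", "1.2.4", "high", "ADV-EXAMPLE-0001"),
    Advisory("libbar", "0.1.0", "0.9.0", "critical", "ADV-EXAMPLE-0002"),
    Advisory("libbaz", "2.0.0", "", "medium", "ADV-EXAMPLE-0003"),
]

# Constructed license policy for a hypothetical proprietary product: strong copyleft is denied.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(text):
    """Turn a dotted version string into a tuple of ints so it compares numerically."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def load_sbom(text):
    """Extract name, version and declared SPDX license ids from each SBOM component."""
    doc = json.loads(text)
    components = []
    for entry in doc.get("components", []):
        ids = []
        for lic in entry.get("licenses", []):
            inner = lic.get("license", {})
            if "id" in inner:
                ids.append(inner["id"])
            elif "name" in inner:
                ids.append(inner["name"])
        components.append(Component(entry["name"], entry["version"], ids))
    return components


def is_affected(component, advisory):
    """True when the component version falls in [introduced, fixed) of the advisory."""
    if component.name != advisory.name:
        return False
    version = parse_version(component.version)
    if version < parse_version(advisory.introduced):
        return False
    if advisory.fixed and version >= parse_version(advisory.fixed):
        return False
    return True


def evaluate(sbom_text, advisories, denied_licenses, min_severity="high"):
    """Apply license and vulnerability policy to an SBOM; returns pass/fail plus findings."""
    findings = []
    for comp in load_sbom(sbom_text):
        if not comp.licenses:  # an undeclared license is itself a compliance risk
            findings.append({"component": comp.name, "kind": "license",
                             "detail": "no license declared"})
        for lic in comp.licenses:
            if lic in denied_licenses:
                findings.append({"component": comp.name, "kind": "license",
                                 "detail": f"{lic} is denied by policy"})
        for adv in advisories:
            if is_affected(comp, adv) and SEVERITY_RANK[adv.severity] >= SEVERITY_RANK[min_severity]:
                findings.append({"component": comp.name, "kind": "vulnerability",
                                 "detail": f"{adv.ident} ({adv.severity}), fixed in {adv.fixed or 'no fix yet'}"})
    return {"passed": not findings, "findings": findings}


if __name__ == "__main__":
    report = evaluate(SBOM_JSON, ADVISORIES, DENIED_LICENSES)
    print("PASS" if report["passed"] else "FAIL")
    for f in report["findings"]:
        print(f"{f['component']}: {f['kind']}: {f['detail']}")
```

With the default threshold of "high", the gate fails on three findings: libfoo carries a high-severity advisory with a fix available, libbar's GPL-3.0-only license is denied by the policy, and libbaz declares no license at all. The medium-severity libbaz advisory is deliberately left out at that threshold so that the most dangerous issues are what the team sees first; lowering `min_severity` to "medium" brings it back. A real pipeline would read the SBOM produced by its build tooling and pull advisories from a maintained feed rather than the constructed lists here.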
Credit: This report is ©2022 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks is available at www.synopsys.com/copyright.html. All other names mentioned herein are trademarks or registered trademarks of their respective owners. April 2022.
To read the full report, please visit the Synopsys OSSRA report.