2018 Open Source Security and Risk Analysis Report Shows Vulnerability and License Risk Continues to Grow

With the growth of open source comes risk. The 2018 Black Duck by Synopsys Open Source Security and Risk Analysis (OSSRA) report provides an in-depth look at the state of open source security, license compliance, and code-quality risk in commercial software.

8% of the audited codebases contained Apache Struts 
33% still contained the Struts vulnerability


Industries represented in the report include the automotive, big data, cybersecurity, enterprise software, financial services, healthcare, Internet of Things (IoT), manufacturing, and mobile app markets.

The OSSRA report provides insights and recommendations to help security, risk, legal, development, and M&A teams understand the open source security and license risk they may face.

Use this report to learn how to defend your organization against the security threats and license compliance risks that may come with your use of open source.


Black Duck. Know your code.