Announcing State of Software Security v11: Open Source Edition

submitted by
Style Pass
2021-06-27 11:30:05

Today, we published the open source edition of our annual State of Software Security report. Focused solely on the security of open source libraries, the report analyzes 13 million scans of more than 86,000 repositories containing more than 301,000 unique libraries. Last year's open source edition looked at a point-in-time snapshot of open source library use and security. This year, we went beyond that snapshot to examine the dynamics of library development and how developers react to library changes, including the discovery of flaws. We also added context to the data by surveying Veracode users about their development practices and how they use third-party code. The report finds that although open source libraries underpin almost all software, they are not a solid foundation but a constantly evolving and shifting one. Development practices, however, do not always adapt to the dynamic nature of these libraries, and that gap leaves organizations exposed. The report's highlights include:

What appears secure today might not be tomorrow. We compared the most popular libraries in 2019 and 2020, as well as the most popular libraries with known vulnerabilities in 2019 and 2020. Bottom line: you can add open source library use to the list of things that changed dramatically in 2020. Which libraries are popular, and which are secure, changes rapidly.
