The 2020 Open Source Security and Risk Analysis (OSSRA) report provides an in-depth look at the state of open source security, compliance, and code quality risk in commercial software. This year the analysis examines findings from the anonymized data of over 1,250 commercial codebases audited in 2019.
Here are some of the statistical findings:
- 99% of the codebases scanned contained at least one open source component.
- The average codebase contained 445 open source components, up from 298 in 2018.
- 75% of the codebases contained at least one open source vulnerability.