Press release

Synopsys Study Underscores Need for Comprehensive SBOM as Best Defense in Software Supply Chain Security

84% of codebases contained at least one known open source vulnerability, an almost 4% increase from last year's findings



MOUNTAIN VIEW, Calif., Feb. 22, 2023 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today released the eighth edition of the Open Source Security and Risk Analysis (OSSRA) report. Produced by the Synopsys Cybersecurity Research Center (CyRC), the 2023 OSSRA report examines the results of more than 1,700 audits of commercial and proprietary codebases involved in merger and acquisition transactions and highlights trends in open source usage across 17 industries.

The findings of the 2023 OSSRA report deliver an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software, with the goal of helping security, legal, risk, and development teams better understand the open source security and license risk landscape. This year's findings revealed that an overwhelming majority of codebases (84%) contain at least one known open source vulnerability, a nearly 4% increase from last year.

The first step toward reducing business risk from open source, proprietary, and commercial code is a comprehensive inventory of all software a business uses, regardless of where it comes from or how it is acquired. Only with this complete inventory – a Software Bill of Materials (SBOM) – can organizations establish a strategy to address risk stemming from new security disclosures like Log4Shell.

"The 2023 OSSRA report findings underscore the reality of open source as the underlying foundation of most types of software built today," said Jason Schmitt, general manager of the Synopsys Software Integrity Group. "An increase of 13% in the average number of open source components (from 528 to 595) in this year's audits further reinforces the importance of implementing a comprehensive SBOM that lists all open source components in your applications as well as their licenses, versions, and patch status. This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks."

Key findings from the 2023 OSSRA report include:

A five-year overview of OSSRA data shows dramatic growth in open source use: The global pandemic contributed to the EdTech sector's adoption of open source, which grew by 163%, with educatio...
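The release's point that an SBOM is the inventory you query when a disclosure like Log4Shell lands can be made concrete. The Python below is an added example, not Synopsys or OSSRA code: it loads a constructed CycloneDX-style SBOM (only the `components` entries with `name`, `version` and `purl` are used), matches each component's package URL against a constructed advisory record modelled on Log4Shell (CVE-2021-44228, which affected log4j-core from 2.0-beta9 up to but not including the 2.15.0 fix), and reports the components inside the affected range. The SBOM contents, the shape of the advisory record and the version-ordering rules are assumptions made for this example; real advisory feeds (OSV, NVD, vendor data) carry their own schemas.

```python
"""Query a CycloneDX-style SBOM for components covered by a vulnerability advisory.

Added example for illustration; not Synopsys/OSSRA code. The SBOM document and
the advisory record are constructed, and only the Python standard library is used.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed minimal CycloneDX 1.4 JSON document. A real SBOM has many more
# fields (metadata, dependencies graph, hashes); only components are used here.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1?type=jar"},
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1?type=jar"},
        {"type": "library", "name": "log4j-api", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1?type=jar"},
        {"type": "library", "name": "jackson-databind", "version": "2.13.4",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"},
    ],
})

# Constructed advisory record modelled on Log4Shell. The record layout
# (package purl without version, half-open [introduced, fixed) range) is an
# assumption for this example, not any particular feed's schema.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "CVE-2021-44228",
     "package": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
]

VersionKey = Tuple[Tuple[int, ...], int]


def version_key(v: str) -> VersionKey:
    """Sortable key for Maven-style versions: numeric dotted prefix (trailing
    zeros dropped so 2.15 == 2.15.0), then 0 for a pre-release suffix or 1 for
    a final release, so that 2.0-beta9 < 2.0 < 2.0.1."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    while len(nums) > 1 and nums[-1] == 0:
        nums = nums[:-1]
    suffix = m.group(2).strip(".-_")
    return nums, 0 if suffix else 1


def split_purl(purl: str) -> Tuple[str, str]:
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into
    (package part without version, version). Qualifiers and subpath are dropped
    so 'type=jar' does not defeat the match."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" in base:
        pkg, ver = base.rsplit("@", 1)
        return pkg, ver
    return base, ""


def affected_components(sbom_json: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one {cve, purl, version} record per SBOM component whose package
    matches an advisory and whose version lies in [introduced, fixed)."""
    sbom = json.loads(sbom_json)
    hits: List[Dict[str, str]] = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            # Without a purl the component cannot be matched reliably; a real
            # pipeline should flag these as SBOM quality gaps rather than skip them.
            continue
        pkg, ver = split_purl(purl)
        ver = ver or comp.get("version", "")
        for adv in advisories:
            if pkg != adv["package"]:
                continue
            key = version_key(ver)
            if version_key(adv["introduced"]) <= key < version_key(adv["fixed"]):
                hits.append({"cve": adv["id"], "purl": purl, "version": ver})
    return hits


if __name__ == "__main__":
    for hit in affected_components(SAMPLE_SBOM, ADVISORIES):
        print(f"{hit['cve']}: {hit['purl']} (version {hit['version']})")
```

On the sample input only the log4j-core 2.14.1 entry is reported; 2.17.1 is past the fix boundary and log4j-api is a different package even though it shares the version. Two caveats matter in practice: the answer is only as good as the SBOM's completeness (transitive and vendored dependencies that were never recorded cannot be found this way), and version ordering is ecosystem-specific, so the Maven-style key above should not be reused unchanged for npm, PyPI or Debian package versions.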
