Black Duck Analysis Surfaces Raft of Open Source Software Vulnerabilities in Code Bases - DevOps.com

Black Duck Analysis Surfaces Raft of Open Source Software Vulnerabilities in Code Bases - DevOps.com

Briefly

An analysis of 965 commercial codebases across 16 industries found that 86% contained open-source software vulnerabilities, with 81% categorized as high or critical risks.

DevOps.comhttps://devops.com/black-duck-analysis-surfaces-raft-of-open-source-software-vulnerabilities-in-code-bases/

The reliance on outdated open-source components is alarming; 90% of audited codebases had elements over four years old, leading to significant security concerns.

DevOps.comhttps://devops.com/black-duck-analysis-surfaces-raft-of-open-source-software-vulnerabilities-in-code-bases/

Black Duck's report revealed that the average application has tripled its open-source files in four years, pointing to a growing complexity in maintaining software security.

DevOps.comhttps://devops.com/black-duck-analysis-surfaces-raft-of-open-source-software-vulnerabilities-in-code-bases/

Mike McGuire emphasized the overwhelming challenge developers face with the volume of vulnerabilities, noting that critical updates are often neglected due to time constraints.

DevOps.comhttps://devops.com/black-duck-analysis-surfaces-raft-of-open-source-software-vulnerabilities-in-code-bases/