Synopsys releases OSSRA report
By SSN Staff
Updated 2:48 PM CST, Tue February 27, 2024
SUNNYVALE, Calif. – Synopsys, Inc. just released the ninth edition of its annual “Open Source Security and Risk Analysis” (OSSRA) report.
Research in the report highlights that nearly three-quarters of commercial codebases assessed for risk contain open source components affected by high-risk vulnerabilities, which Synopsys said represents a sharp uptick from the previous year.
In the 2024 OSSRA report, the Synopsys Cybersecurity Research Center (CyRC) analyzes anonymized findings from more than 1,000 commercial codebase audits across 17 industries. The report provides security, development and legal teams with a comprehensive view of the open source landscape, including trends in the adoption and use of open source software as well as the prevalence of security vulnerabilities, and software licensing and code quality risks.
While the share of codebases containing at least one open source vulnerability remained consistent year over year at 84%, significantly more codebases contained high-risk vulnerabilities in 2023. Synopsys stated that this can potentially be attributed to variables like economic instability and the consequent layoffs of tech workers, reducing the resources available to patch vulnerabilities.
According to the data, the percentage of codebases with high-risk open source vulnerabilities — those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities — increased from 48% in 2022 to 74% in 2023.
“This year’s OSSRA report indicates an alarming rise in high-risk open source vulnerabilities across a variety of critical industries, leaving them at risk for exploitation by cybercriminals,” said Jason Schmitt, general manager, Synopsys Software Integrity Group. “The increasing pressure on software teams to move faster and do more with less in 2023 has likely contributed to this sharp rise in open source vulnerabilities. Malicious actors have taken note of this attack vector, so maintaining proper software hygiene by identifying, tracking and managing open source effectively is a key element to strengthening the security of the software supply chain.”
Additional key findings from the 2024 OSSRA report include a “zombie code” apocalypse, in which organizations keep depending on outdated or inactive open source components; high-risk open source vulnerabilities that permeate critical industries such as computer hardware and semiconductors; open source license challenges; and Improper Neutralization weaknesses.
To learn more about the 2024 OSSRA findings, download a copy of the report online at www.synopsys.com.