Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Most codebases contain a huge amount of open source vulnerabilities

An abstract image of padlocks overlaying a digital background.

The number of commercial codebases containing high-risk vulnerabilities integrated through open source components has increased dramatically year-on-year. 

A report from Synopsys found almost three-quarters (74%) contained vulnerabilities that are being actively exploited, have proof-of-concepts (PoC), or are classified as remote code execution flaws. The number is up from 48% a year ago.

While the researchers don’t know why the number of high-risk vulnerabilities increased so significantly in just a year, they speculate that economic instability and the consequent layoffs of tech workers might have something to do with it. The overall state of the market has reduced the number of resources available to patch vulnerabilities, leading to the above-mentioned results.

Semiconductor vertical at risk

While the risk is present in various industries, the Computer Hardware and Semiconductor industry has it the worst, with 88% of codebases containing high-risk open-source flaws. 

Manufacturing, Industrial, and Robotics, were close second with 87%. Big Data, AI, BI and Machine Learning industry had 66%, while Aerospace, Aviation, Automotive, Transportation and Logistics industry were at the very bottom, with 33%.

For Jason Schmitt, general manager at Synopsys Software Integrity Group, the report’s findings are “alarming”. “The increasing pressure on software teams to move faster and do more with less in 2023 has likely contributed to this sharp rise in open source vulnerabilities,” he said. “Malicious actors have taken note of this attack vector, so maintaining proper software hygiene by identifying, tracking and managing open source effectively is a key element to strengthening the security of the software supply chain.”

Elsewhere in the report, Synopsys also said that the percentage of codebases containing at least one open-source vulnerability “remained consistent” year-over-year, at 84%.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.