Unmanaged Open Source Components Pose Serious Risks, Says Black Duck Report

97% of applications evaluated for the report contain open source.

Open source software offers many benefits but, without proper management, can also involve “widespread vulnerabilities, license conflicts, and maintenance challenges,” according to Black Duck Software’s 2025 Open Source Security and Risk Analysis (OSSRA) report.

The latest report “highlights the pervasive nature of open source software and the significant risks associated with its unmanaged use,” said Fred Bals in a related blog post.

Top findings from this year's report include:

  • 97% of all applications evaluated for the report contain open source.
  • 90% of audited codebases had open source components more than four years out-of-date.
  • 86% of commercial codebases evaluated contained open source software vulnerabilities.
  • 81% of these codebases contained high- or critical-risk vulnerabilities.
  • 56% of all audited applications had license conflicts.

“The core message of OSSRA 2025 is that organizations must have comprehensive visibility into their code, proactively manage open source risk, and adopt robust security and compliance practices,” Bals said.

Read the full report at Black Duck.
03/07/2025