Unmanaged Open Source Components Pose Serious Risks, Says Black Duck Report

97% of applications evaluated for the report contain open source.

Open source software offers many benefits, but without proper management it can also bring “widespread vulnerabilities, license conflicts, and maintenance challenges,” according to Black Duck Software’s 2025 Open Source Security and Risk Analysis (OSSRA) report.

The latest report “highlights the pervasive nature of open source software and the significant risks associated with its unmanaged use,” said Fred Bals in a related blog post.

Top findings from this year's report include:

  • 97% of all applications evaluated for the report contain open source.
  • 90% of audited codebases had open source components more than four years out of date.
  • 86% of commercial codebases evaluated contained open source software vulnerabilities.
  • 81% of these codebases contained high- or critical-risk vulnerabilities.
  • 56% of all audited applications had license conflicts.

“The core message of OSSRA 2025 is that organizations must have comprehensive visibility into their code, proactively manage open source risk, and adopt robust security and compliance practices,” Bals said.

Read the full report at Black Duck.
03/07/2025
