Penguin: Massive Increase in Open Source Adoption, 78% of Code Has At Least One Vulnerability, Average 64 Vulnerabilities per Codebase


Open source, open season

The report found that there has been a massive increase in open source adoption, with 96 percent of the applications scanned containing open source components. It also found that the average number of open source components per codebase (257) had grown by 75 percent over the previous year, with many applications containing more open source than proprietary code.

Worryingly, though, 78 percent of the codebases examined contained at least one open source vulnerability, with an average of 64 vulnerabilities per codebase.

Over 54 percent of the vulnerabilities found in audited codebases were considered high-risk, while 17 percent of the codebases contained a highly publicised vulnerability such as Heartbleed, Logjam, FREAK, DROWN, or POODLE.