Intelligent CIO Europe Issue 35 | Page 22

LATEST INTELLIGENCE

2020 OPEN SOURCE SECURITY AND RISK ANALYSIS REPORT


Welcome to the 5th edition of Synopsys’ Open Source Security and Risk Analysis (OSSRA) report. The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

To help organizations develop secure, high-quality software, the Synopsys Cybersecurity Research Center (CyRC) publishes research that supports strong cybersecurity practices. Our annual OSSRA report provides an in-depth snapshot of the current state of open source security, compliance, and code quality risk in commercial software.

For over 16 years, security, development, and legal teams around the globe have relied on Black Duck® software composition analysis (SCA) solutions and open source audits to identify and track open source in code, mitigate security and license compliance risks, and automatically enforce open source policies using existing DevOps tools and processes.

Synopsys’ Black Duck Audit Services team conducts open source audits on thousands of codebases for its customers each year, often supporting merger and acquisition transactions. In the context of software development, a codebase is the source code and libraries that underlie an application, service, or library.

These audits are anonymized and used as the primary source of data for the OSSRA report. The data is cross-referenced with the Black Duck KnowledgeBase™ to identify potential license compliance and security risks as well as open source operational factors that may affect the overall codebase. The KnowledgeBase currently houses data on open source activity from over 20,000 sources worldwide, making it an authoritative source for open source projects and components.
22 INTELLIGENTCIO www.intelligentcio.com