The 2020 Open Source Security and Risk Analysis Report includes recommendations and insights to help security, risk, legal and development teams better understand the open source security and license risk landscape. It provides an in-depth snapshot of the current state of open source security, compliance and code quality risk in commercial software.
Open source components and libraries are the foundation of literally every application in every industry. The need to identify, track, and manage open source has increased exponentially with the growth of its use in commercial software. License identification, processes to patch known vulnerabilities, and policies to address outdated and unsupported open source packages are all necessary for responsible open source use.