Black Duck’s On-Demand security audits of commercial applications in 2016 highlight the challenges organizations face in effectively securing and managing their open source.

[Chart: The amount of open source code in applications has grown significantly (1)]
1998: 5-10% open source code (remainder custom code)
2008: 30-50% open source code (remainder custom code)
2016: 60-80% open source code (remainder custom code)

[Chart: Security investment priorities do not match threats (2)]
Spending vs. risk, compared for the application layer and the network layer.

Companies surveyed were using twice as much open source as they reported prior to the audit (3); that is, companies were using 100% more open source than they believed prior to the audit.

67% of applications contained known open source security vulnerabilities (3).

40% of the known open source security vulnerabilities in each application were rated as “severe” (3).

The average age of known security vulnerabilities found in the audits was more than 5 years (3).

10% of applications contained Heartbleed more than 2 years after it was discovered (3).

Sources:
(1) Black Duck estimate
(2) Ponemon Institute, State of Application Security Risk Management Report
(3) 2016 Open Source Security Audit Report