1 in 10 open source components downloaded in 2018 had a known security vulnerability
A new report by Sonatype looks at the security implications of the growing demand for open source software (OSS). The study shows that the number of security breaches stemming from vulnerabilities in OSS has risen by 71% over the past five years, with almost one in four organizations (24%) indicating that they have suffered, or suspect they have suffered, an OSS-related breach.
The average business downloads a staggering 313,000 OSS components per year. However, 8.8% of these downloads contain known vulnerabilities that can be exploited by threat actors.