RE: https://mastodon.social/@FreeBSDFoundation/116676767603367392

2026 Open Source Security and Risk Analysis Report – Software Governance in the AI Era – Black Duck Software, Inc.

https://www.blackduck.com/content/dam/black-duck/en-us/reports/rep-ossra.pdf

― a direct link to the freely-available report that's mentioned in the joint statement from Apereo Foundation, Open Source Initiative (OSI), Open Source Technology Improvement Fund (OSTIF), and FreeBSD Foundation.

"The “Open Source Security and Risk Analysis” (OSSRA) report has been the industry’s definitive look at the state of open source code for a decade. Each year, we analyze anonymized findings from commercial codebases audited by the Black Duck Audit Services team, and this provides an unmatched, real-world view of how open source is used—and sometimes misused—across every major industry. This year’s findings document a pivotal moment: The explosion of AI-assisted development has fundamentally altered the risk landscape for software and the baseline for compliance with new regulatory initiatives such as the EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA). …"

#AI #CRA #DORA #OSI #OSTIF #FreeBSD #OSSRA

What a decade of data tells us about the state of open source security, via @TechRadar. #OpenSource #CyberSecurity #OSSRA #Tech #Technology https://flip.it/ITrry9
Ten years of OSSRA: what a decade of data tells us about the state of open source security

A decade of OSSRA reveals growing open source risks

TechRadar
🚀 A decade of OSSRA reveals how open source has transformed software development! From 35% to 70% open source code in apps, vulnerabilities have surged too: 154 per app on average in 2025. Managing security & licenses is now mission-critical. Dive into the data & future challenges here: https://www.techradar.com/pro/ten-years-of-ossra-what-a-decade-of-data-tells-us-about-the-state-of-open-source-security 🔐💻 #OpenSource #Cybersecurity #OSSRA #DevSecOps #SoftwareSecurity #TechTrends #newz
Unmanaged Open Source Components Pose Serious R... » ADMIN Magazine

Open source software offers many benefits but, without proper management, can also involve “widespread vulnerabilities, license conflicts, and main...

ADMIN Magazine
Is it a liability? Or is it a strength and a COSS opportunity?

On February 25, Black Duck released its tenth annual Open Source Security and Risk Analysis (OSSRA) report. The OSSRA “examines vulnerabilities and license conflicts found in over 950 codebas…

Chinstrap Community

📢Shocking findings in the 2023 #OSSRA Report!📊
48% of surveyed codebases in the OSSRA report contain dangerous vulnerabilities!😱
Dive deep into the heart of the problem and fortify your digital defenses 👉https://certerassl.com/blog/unaddressed-high-risk-vulnerabilities-revealed-in-the-2023-ossra-report

#cybersecurity #Vulnerabilities #EncryptedFence

2023 Open Source Security and Risk Analysis Report [OSSRA]

Let's have a deep dive into the high-risk vulnerabilities revealed by the Open Source Security and Risk Analysis (OSSRA) report and safeguard your organization.

EncryptedFence by CerteraSSL - A Complete Web Security Blog
2023 Open Source Security and Risk Analysis report from @SynopsysAppsec recommends SBOMs to fight against software supply chain attacks https://www.fosslife.org/2023-synopsys-report-emphasizes-need-sboms #security #Software #SupplyChain #SBOM #OSSRA #licensing #research
Synopsys Report Shows "Alarming" Incr... » ADMIN Magazine

High-risk vulnerabilities have increased at an "alarming" rate in the past five years, according to the eighth edition of the Open Source...

ADMIN Magazine
Open Source Security Report: Tim Mackey discusses growing vulnerability issues around the use of improperly updated open source components https://buff.ly/2Qz5mGg #security #open source #code #Synopsys #SoftwareDevelopment #SBOM #OSSRA
Open Source Security Report Highlights Licensing and Updating Issues

Tim Mackey discusses growing vulnerability issues around the use of improperly updated open source components.