Synopsys
At the same time, the third-party open source code in use is in most cases not kept up to date and contains potential security problems: 91% of the codebases examined contain open source components that either have not been updated for more than 5 years or have been abandoned for at least two years and are no longer maintained by their developers. As a result, 75% of the open source code identified in the analyzed codebases carries known, unpatched vulnerabilities, half of them rated high severity. In the 2018 sample, the share of code with vulnerabilities was 60%.
The most common dangerous vulnerability was
problem
In addition to security problems in the codebases of commercial projects, there is also a negligent attitude towards compliance with the terms of free software licenses.
In 73% of codebases, problems were found with the legality of the open source usage, such as license incompatibilities (typically GPL code included in a commercial product without the source of the derivative product being opened) or the use of code with no license specified at all. 93% of all license problems occur in web and mobile applications. In games, virtual reality systems, multimedia and entertainment programs, violations were found in 59% of cases.
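The three risk classes the report measures (stale components, components with unpatched known vulnerabilities, and license problems such as copyleft code in a closed-source product or code with no declared license) can be checked mechanically against an inventory of a project's dependencies. The following is an added example, not code from the report or from opennet.ru: it audits a constructed software bill of materials (SBOM) and reports the share of components in each class. Component names, release dates, vulnerability identifiers (VULN-A and so on) and licenses are constructed for illustration; the two-year "no activity" threshold mirrors the report's definition of an abandoned component.

```python
"""Added example: audit a constructed SBOM for the three risk classes the
Synopsys report counts (stale, vulnerable, license problems).
Not code from the report or the article; all data below is constructed."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date


@dataclass
class Component:
    name: str
    version: str
    license: str | None                   # None = no license declared
    last_release: date                    # most recent upstream release
    vulns: list[tuple[str, str]] = field(default_factory=list)  # (id, severity)


# Constructed sample inventory (not real project data).
SBOM = [
    Component("jquery", "1.12.4", "MIT", date(2016, 5, 20), [("VULN-A", "medium")]),
    Component("lodash", "4.17.21", "MIT", date(2022, 11, 15)),
    Component("left-pad-like", "1.0.0", None, date(2015, 3, 1)),
    Component("gpl-widget", "2.1.0", "GPL-3.0-only", date(2023, 9, 1), [("VULN-B", "high")]),
    Component("old-crypto", "0.9.0", "BSD-3-Clause", date(2017, 1, 10),
              [("VULN-C", "critical"), ("VULN-D", "low")]),
]

# Date the audit is run as of (fixed so the results are reproducible).
AS_OF = date(2024, 1, 1)

# Strong copyleft licenses: shipping a closed-source derivative that includes
# such code without releasing its source is the conflict the report describes.
STRONG_COPYLEFT = {
    "GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
    "AGPL-3.0-only", "AGPL-3.0-or-later",
}


def is_stale(c: Component, today: date, years: int = 2) -> bool:
    """True if the component has had no release for `years` years."""
    return (today - c.last_release).days > years * 365


def license_problem(c: Component, proprietary: bool = True) -> str | None:
    """Reason string if the license is a compliance risk for this product, else None."""
    if c.license is None:
        return "no license declared"
    if proprietary and c.license in STRONG_COPYLEFT:
        return f"{c.license} copyleft in a closed-source product"
    return None


def audit(sbom: list[Component], today: date, proprietary: bool = True) -> dict:
    """Summarise the inventory as shares of components in each risk class."""
    n = len(sbom)
    stale = [c.name for c in sbom if is_stale(c, today)]
    vulnerable = [c.name for c in sbom if c.vulns]
    high = [c.name for c in sbom
            if any(sev in ("high", "critical") for _, sev in c.vulns)]
    licensing = {c.name: r for c in sbom if (r := license_problem(c, proprietary))}
    return {
        "stale": stale,
        "stale_pct": round(100 * len(stale) / n),
        "vulnerable": vulnerable,
        "vulnerable_pct": round(100 * len(vulnerable) / n),
        "high_severity": high,
        "license_issues": licensing,
        "license_pct": round(100 * len(licensing) / n),
    }


def audit_sample() -> dict:
    """Run the audit over the constructed SBOM as of AS_OF."""
    return audit(SBOM, AS_OF)


if __name__ == "__main__":
    for key, value in audit_sample().items():
        print(f"{key}: {value}")
```

In a real pipeline the `SBOM` list would be populated from a generated SBOM (for example CycloneDX or SPDX output) and `vulns` from a vulnerability database lookup; the audit logic itself stays the same. Passing `proprietary=False` models an open source product, where copyleft components are not a conflict and only missing licenses are flagged.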
In total, the study identified 124 typical open source components that are commonly used across all codebases. The most popular ones are: jQuery (55%), Bootstrap (40%), Font Awesome (31%), Lodash (30%) and jQuery UI (29%). In terms of programming languages, the most popular are JavaScript (used in 74% of projects), C++ (57%), Shell (54%), C (50%), Python (46%), Java (40%), TypeScript (36%), C# (36%), Perl (30%) and Ruby (25%). The total share of programming languages is:
JavaScript (51%), C++ (10%), Java (7%), Python (7%), Ruby (5%), Go (4%), C (4%), PHP (4%), TypeScript (4%), C# (3%), Perl (2%) and Shell (1%).
Source: opennet.ru