Eighty-six percent of application codebases contained open source vulnerabilities, indicating the elevated prevalence of high-risk open source components amid the surging adoption of open source software, SC Media reports.

Applications with high- and critical-severity vulnerabilities increased from 74% in 2023 to 81% in 2024, with the jQuery JavaScript library accounting for 80% of the most reported high-risk security issues, according to findings from application security software provider Black Duck. Additional findings revealed that more than half of the open source software (OSS) components in codebases were transitive dependencies, which not only hinder risk visibility but also lead to license conflicts.

"The most significant takeaway from my perspective is that blind spots are prevalent when it comes to open source dependency management," said Mike McGuire, senior manager and OSSRA Data Advisor at Black Duck. "We've stressed for some time the importance of eliminating blind spots, and that has become particularly important as more industries and consumers demand complete supply chain visibility."