
Open Source

Cybersecurity statistics about open source

Showing 1-20 of 53 results

In the first 63 days of the Anthropic Claude Mythos Preview, Mythos disclosed 1,596 verified vulnerabilities across 281 open-source projects.

Tuskira, 6/28/2026
Vulnerability Discovery; Software Security

Only 6.1% of Mythos disclosures are marked as patched, despite 90.9% maintainer acknowledgment.

Tuskira, 6/28/2026
Patch Management; Mythos

The Axios NPM package was downloaded 100 million times per week.

CrowdStrike, 6/15/2026
Supply Chain; Software Distribution

Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.

CrowdStrike, 6/15/2026
Supply Chain; Software Security

89% of UK IT decision makers agree that public policy and regulation should mandate open source principles such as transparency and auditability to help organisations achieve AI sovereignty.

Red Hat, 5/27/2026
AI Policy

IT decision makers say the most valuable open source benefits for building trust in AI over the next three years are transparency and easier auditability (87%), more customisation for business and regulatory needs (82%), and greater control over how AI is built and where it runs (80%).

Red Hat, 5/27/2026
Trust; Auditability

80% of IT decision makers see open source as providing greater control over how AI is built and where it runs.

Red Hat, 5/27/2026
AI Sovereignty

Fewer than half of organizations plan to increase budgets for 2026.

Endor Labs, 5/27/2026
Budgeting; Security Investment

Only 21% of organizations enforce protections like cooldown periods.

Endor Labs, 5/27/2026
Security Controls; Cooldown Period

81% of organizations name OSS malware a top security priority.

Endor Labs, 5/27/2026
Security Priorities; Organizational Risk

88% of IT professionals across DevOps, Security, and Software Engineering roles say the first few days after a package release are the riskiest.

Endor Labs, 5/27/2026
Risk Window; Package Releases
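The two Endor Labs figures above (the risk window in the first days after a release, and the minority of organizations that enforce cooldown periods) describe a control that is simple to implement: refuse, or fall back from, any package version published less than N days ago. The following is an added example and not code from Endor Labs or from any package manager. It works against the `time` map that the npm registry returns in a package's metadata document (version to ISO 8601 publish timestamp); the package name, version list, timestamps and "current time" are constructed here so the block runs offline, and the version ordering assumes plain `major.minor.patch` strings (prerelease tags are skipped, an assumption stated in the code).

```python
"""Enforce a dependency cooldown period against npm-style package metadata.

Added example: decides whether a version is old enough to install and, if
not, which older version still satisfies the minimum age.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample: an abbreviated npm registry document ("packument") for a
# hypothetical package. The real registry returns a "time" map of
# version -> ISO 8601 publish timestamp, which is all a cooldown check needs.
SAMPLE_PACKUMENT = json.loads("""
{
  "name": "example-lib",
  "dist-tags": {"latest": "2.0.0"},
  "time": {
    "created":  "2025-01-10T12:00:00.000Z",
    "modified": "2026-06-01T08:30:00.000Z",
    "1.4.2":    "2025-11-03T09:15:00.000Z",
    "1.4.3":    "2026-04-20T17:45:00.000Z",
    "2.0.0":    "2026-06-01T08:30:00.000Z"
  }
}
""")

# Constructed "current time" so the example is deterministic.
NOW = datetime(2026, 6, 3, 0, 0, tzinfo=timezone.utc)


def parse_ts(ts: str) -> datetime:
    """Parse a registry timestamp; the trailing Z is rewritten for fromisoformat."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def version_key(version: str) -> Optional[tuple]:
    """Sort key for plain major.minor.patch versions; None for anything else.

    Assumption: prerelease/build-tagged versions (e.g. 2.1.0-rc.1) are ignored
    rather than parsed, since they should never be auto-selected anyway.
    """
    parts = version.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def version_age(packument: dict, version: str, now: datetime = NOW) -> timedelta:
    """Age of a published version relative to `now`; raises if unknown."""
    published = packument["time"].get(version)
    if published is None:
        raise KeyError(f"{packument['name']}@{version} has no publish time")
    return now - parse_ts(published)


def is_cooled_down(packument: dict, version: str, min_age: timedelta,
                   now: datetime = NOW) -> bool:
    """True when the version has been public for at least `min_age`."""
    return version_age(packument, version, now) >= min_age


def newest_allowed_version(packument: dict, min_age: timedelta,
                           now: datetime = NOW) -> Optional[str]:
    """Highest release version that satisfies the cooldown, or None.

    Walking from newest to oldest mirrors what a resolver would do when the
    'latest' tag is too fresh: fall back rather than install the new release.
    """
    candidates = [v for v in packument["time"] if version_key(v) is not None]
    for v in sorted(candidates, key=version_key, reverse=True):
        if is_cooled_down(packument, v, min_age, now):
            return v
    return None


if __name__ == "__main__":
    cooldown = timedelta(days=7)
    latest = SAMPLE_PACKUMENT["dist-tags"]["latest"]
    if not is_cooled_down(SAMPLE_PACKUMENT, latest, cooldown):
        print(f"{latest} is {version_age(SAMPLE_PACKUMENT, latest).days}d old, "
              f"below the {cooldown.days}d cooldown; "
              f"falling back to {newest_allowed_version(SAMPLE_PACKUMENT, cooldown)}")
```

Run against a live registry the same logic applies to the JSON from `https://registry.npmjs.org/<name>`; the cooldown length is a policy choice, and a version that is still too young should block the build or pin to the previous release rather than merely warn, since a compromised release is typically pulled within days of publication.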

In 2025, 92% of npm account takeovers occur.

Endor Labs, 5/27/2026
Supply Chain; Account Takeover

For of open-source users on enterprise teams, the greatest enemy of security is the uptime mandate.

TuxCare, 5/27/2026
Enterprise; Uptime

Roughly two-thirds (65.7%) of businesses spend 10 hours or less per month on Linux maintenance.

TuxCare, 5/27/2026
Linux Maintenance

At least 43% of enterprises that use open-source technology report having a mechanism in place to monitor whether those technologies are active, in maintenance, or EOL (7.5% do not track; 4.2% are unsure).

TuxCare, 5/27/2026
Enterprise; EOL

Organizations relying on public project documentation are most strongly represented among those discovering EOL during regular dependency reviews (57.1%).

TuxCare, 5/27/2026
EOL

Organizations in the 1,001–5,000 employee band are the most reactive, with 69.1% discovering EOL status only after something breaks or a vendor notifies them.

TuxCare, 5/27/2026
EOL

Teams that surface EOL through dependency reviews (74.3%) or security scanning (69.7%) most often choose upgrades, suggesting planned remediation is more feasible when signals arrive earlier.

TuxCare, 5/27/2026
EOL; Dependency Reviews

When EOL is identified through breakage or compatibility failures, reliance on ELS/vendor patching rises (59.7%) while upgrades are least common (18.2%).

TuxCare, 5/27/2026
EOL

A majority of surveyed organizations report using fewer than 100 direct open-source projects or libraries in production, with the largest share (~35%) clustered between 25 and 99.

TuxCare, 5/27/2026
Open-Source Projects; Open-Source Libraries