Open Source
Cybersecurity statistics about open source
98% of codebases contain open source components.
Open source component counts increased by 30% year-over-year.
68% of audited codebases contain license conflicts, a 12 percentage-point increase from 56% the previous year.
Only 1% of organizations said they decreased the time required for patching a critical or high-priority Linux vulnerability after it was detected.
33.33% of respondents reported using two versions of CentOS despite all stable versions now being years into end of life.
5.56% of respondents reported using all three versions of CentOS despite all stable versions now being years into end of life.
47.8% of surveyed enterprise open source users said their organization experienced a cybersecurity incident in the past 12 months.
Organizations using open source with 1,001–10,000 employees were more than twice as likely to report an incident as those with fewer than 100 employees.
Among the open-source users whose organizations reported a cybersecurity incident, 61.4% indicated that the incident occurred when a patch was available but had not been applied – a slight increase from 60.4% last year.
Among respondents who identified at least one affected technology, vulnerabilities tied to reported open source incidents were distributed across infrastructure and middleware (51.9%), software development frameworks and libraries (50.0%), and databases and data technologies (48.1%).
When organizations using open source were asked if they took steps to improve their patch and vulnerability management processes in the last 12 months, 68.8% said they increased automation.
When organizations using open source were asked if they took steps to improve their patch and vulnerability management processes in the last 12 months, 44.8% said they conducted security training.
When organizations using open source were asked if they took steps to improve their patch and vulnerability management processes in the last 12 months, 23.0% said they increased IT security staff.
When organizations using open source were asked if they took steps to improve their patch and vulnerability management processes in the last 12 months, 18.4% said they adopted AI/machine learning.
48.5% of surveyed organizations said there was no change in the last 12 months in the time required for patching a critical or high-priority Linux vulnerability once it was detected.
Nearly one in four organizations operates on a "skeleton crew" of open-source projects.
When organizations using open source were asked if they took steps to improve their patch and vulnerability management processes in the last 12 months, 63.2% said they reviewed/updated internal vulnerability management processes.
41.67% of CentOS users report that they're migrating / planning to migrate.
41.67% of CentOS users report purchasing or planning to purchase extended support.
92.6% of open-source users reported that their organization was aware it was vulnerable before the cybersecurity incident occurred.