Skip to main content
HomeTopicsOpen Source

Open Source

Cybersecurity statistics about open source

Showing 21-40 of 53 results

98% of codebases contain open source components.

Black Duck5/27/2026
Open Source Security

Open source component counts increased by 30% year-over-year.

Black Duck5/27/2026
Dependency ManagementOpen Source Security

68% of audited codebases contain license conflicts, a 12 percentage-point increase from 56% the previous year.

Black Duck5/27/2026
LicensingOpen Source Security

Only 1% of organizations said they decreased the time required for patching a critical or high-priority Linux vulnerability after it was detected.

TuxCare5/27/2026
Vulnerability ManagementPatching

33.33% of respondents reported using two versions of CentOS despite all stable versions now years into end of life.

TuxCare5/27/2026
CentOSEOL

5.56% of respondents reported using all three versions of CentOS despite all stable versions now years into end of life.

TuxCare5/27/2026
CentOSEOL

47.8% of surveyed enterprise open source users said their organization experienced a cybersecurity incident in the past 12 months.

TuxCare5/27/2026
Cybersecurity Incident

Open source using organizations with 1,001–10,000 employees were more than twice as likely to report an incident compared to those with fewer than 100 employees.

TuxCare5/27/2026
Cybersecurity Incident

Among the open-source users whose organizations reported a cybersecurity incident, 61.4% indicated that the incident occurred when a patch was available but had not been applied – a slight increase from 60.4% last year.

TuxCare5/27/2026
Cybersecurity IncidentVulnerabilities

Among respondents who identified at least one affected technology, vulnerabilities tied to reported open source incidents were distributed across infrastructure and middleware (51.9%), software development frameworks and libraries (50.0%), and databases and data technologies (48.1%).

TuxCare5/27/2026
Cybersecurity IncidentVulnerabilities

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 68.8% said they increased automation.

TuxCare5/27/2026
Vulnerability ManagementPatching

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 44.8% said they conducted security training.

TuxCare5/27/2026
Vulnerability ManagementPatching

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 23.0% said they increased IT security staff.

TuxCare5/27/2026
Vulnerability ManagementPatching

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 18.4% said they adopted AI/machine learning.

TuxCare5/27/2026
Vulnerability ManagementPatching

48.5% of surveyed organizations said there was no change in the last 12 months in the time required for patching a critical or high-priority Linux vulnerability once it was detected.

TuxCare5/27/2026
Vulnerability ManagementPatching

Nearly one in four organizations operates on a "skeleton crew" of open-source projects.

TuxCare5/27/2026
Open-Source Projects

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 63.2% said they reviewed/updated internal vulnerability management processes.

TuxCare5/27/2026
Vulnerability ManagementPatching

41.67% of CentOS users report that they're migrating / planning to migrate.

TuxCare5/27/2026
CentOSEOL

41.67% of CentOS users report purchasing or planning to purchase extended support.

TuxCare5/27/2026
CentOSEOL

92.6% of open-source users reported that their organization was aware it was vulnerable before the cybersecurity incident occurred.

TuxCare5/27/2026
Cybersecurity IncidentVulnerabilities