Open Source in Application Security

Black Duck's On-Demand security audits of commercial applications in 2016 highlight the challenges organizations face in effectively securing and managing their open source.

The amount of open source code in applications has grown significantly [1]
(chart: share of custom code vs. open source code in applications)
  1998: 5-10% open source code
  2008: 30-50% open source code
  2016: 60-80% open source code

Security investment priorities do not match threats [2]
(chart: spending vs. risk, application layer vs. network layer)

Audit findings [3]
  - Companies surveyed were using twice as much (100% more) open source as they reported prior to the audit.
  - 67% of applications contained known open source security vulnerabilities.
  - 40% of the known open source security vulnerabilities in each application were rated as "severe".
  - The average age of known security vulnerabilities found in the audits was more than 5 years.
  - 10% of applications contained Heartbleed more than 2 years after it was discovered.

Sources
  1. Black Duck estimate
  2. Ponemon Institute, State of Application Security Risk Management Report
  3. Black Duck, 2016 Open Source Security Audit Report
