The State of Open Source Security
Trends and best practices from real-world software supply chains.
Open-source libraries help software developers meet aggressive deadlines. As a result, these libraries (and the classes within them) continue to proliferate and grow in complexity, which increases the risk they pose and makes modern applications harder to secure.
The 2021 State of Open Source Security Report uses telemetry from actual applications protected by Contrast OSS and Contrast Assess to reveal key trends about library usage, vulnerabilities, and best practices. Key findings include:
- While the average application contains 118 libraries, only 38% of those libraries are active (actually used at runtime).
- The average library in use is a version that is 2.5 years old, which increases the risk of unaddressed vulnerabilities.
- The average Java application has 50 open-source library vulnerabilities.
- High-risk licenses are present in 69% of Java applications and 33% of Node applications, exposing organizations to significant legal consequences.