Skip to content

The State of Open Source Security

Trends and best practices from real-world software supply chains.

Open-source libraries help software developers meet aggressive deadlines. As a result, these libraries and their classes continue to proliferate and grow in complexity—increasing the risk they pose while making it more difficult to secure modern applications.

The 2021 State of Open-source Security Report uses telemetry from actual applications protected by Contrast OSS and Contrast Assess to reveal key trends about library usage, vulnerabilities, and best practices. Key findings include:

  • While the average application contains 118 libraries, only 38% of libraries are active.

  • The average library uses a version that is 2.5 years old—which increases the risk of unaddressed vulnerabilities.

  • The average Java application has 50 open-source library vulnerabilities.

  • High-risk licenses are present in 69% of Java applications and 33% of Node applications—exposing organizations to significant legal consequences.
Download Report