The company Snyk has released a report analyzing the State of Open Source Security, focusing on three main areas: the Open Source landscape, the life cycle of a vulnerability detected in Open Source, and the future of this type of software.
The data is based on a survey of 500 active users of open-source software, more than 40,000 projects, information from Red Hat, and GitHub repositories, package registries, and records.
As for the Open Source landscape, the report highlights the following data from the last year:
- The number of Rubygems has increased by 10.3%.
- The number of Python libraries has grown by 32%.
- The number of Maven artifacts has risen by 28%.
- The number of npm packages has increased by 57%.
- The number of publicly available applications on Docker Hub is now 900,000, compared to 460,000 last year.
- Between the 1st of January and the 30th of September 2017, 6,300 million Python packages were downloaded.
On the life cycle of a vulnerability found in Open Source software, Snyk states that the average time from the introduction of the vulnerability to its discovery is 2.89 years, and that 75% of vulnerabilities are not discovered by the code maintainers themselves. Among other notable data, the report highlights that the average time elapsed from the inclusion of a vulnerability to its discovery has been 2.5 years, and that the average time from discovery until a vulnerability is fixed is 16 days.
Regarding the future of Open Source, the report states that it is expanding in a clear and unstoppable way, but that there is no awareness of the risks of not using or managing it correctly.
For more information, see the full report.