Nearly three-quarters of codebases assessed for risk by Synopsys in 2023 contained open source components with high-risk vulnerabilities, according to a just-released report from the company, a provider of application security testing tools.
While the number of codebases with at least one open source vulnerability remained consistent year over year at 84%, Synopsys said, the number that contained high-risk vulnerabilities increased dramatically, from 48% in 2022 to 74% in 2023. Synopsys defines high-risk vulnerabilities as those that have been exploited, have documented proof-of-concept exploits, or have been classified as remote code execution vulnerabilities.