Third-party code

Codebases with high-risk open source flaws spike


Seventy-four percent of codebases contained high-risk open source vulnerabilities last year, up significantly from the 48% that had exploited flaws, proof-of-concept exploits, or remote code execution issues in 2022, even though the percentage of codebases with one or more flaws held steady, reports SiliconAngle.

Most of the codebases with high-risk security issues came from the computer hardware and semiconductor sectors, followed by the robotics and industrial sectors, according to a Synopsys report. The findings also showed an elevated prevalence of open source licensing conflicts in codebases, most apparent among semiconductor and computer hardware firms. Meanwhile, the mounting occurrence of high-risk vulnerabilities in codebases has been linked to weaker patching practices brought on by layoffs. "The increasing pressure on software teams to move faster and do more with less in 2023 has likely contributed to this sharp rise in open source vulnerabilities," said Synopsys Software Integrity Group General Manager Jason Schmitt.
