Fixed vs Unfixed Vulnerabilities Distribution in Open-Source Software
The Data
According to Lineaje AI Labs research, the majority of vulnerabilities in open-source software are never fixed by the open-source developers who maintain the affected projects. Lineaje AI Labs analyzed 121,443 open-source projects and discovered 118,573 vulnerabilities in them. The saving grace is that these vulnerabilities are not evenly distributed across dependencies: the risk is concentrated in some components rather than spread uniformly over all of them.
The Implication
Select well-managed open-source dependencies that also have well-managed open-source dependencies: The reputation of your direct open-source dependency matters little if its own supply chain consists of badly maintained components. Assess the entire transitive supply chain, not just your direct dependencies, to ensure you ship secure software.
Good innovators are not necessarily good maintainers: The most innovative projects are not always the best maintained. It is highly likely that your open-source dependencies meet your innovation goals but fail badly at meeting your software maintainability goals.
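The following is an added worked example, not code from the original page or from Lineaje. It shows the kind of assessment the implication above calls for: instead of judging a direct dependency by its own vulnerability record, it walks the transitive dependency graph and aggregates fixed and unfixed vulnerability counts over everything that dependency pulls in. The dependency graph, package names and vulnerability records are constructed for illustration and are not drawn from Lineaje's dataset; in practice they would come from an SBOM or lockfile and a vulnerability database.

```python
"""Judge each direct dependency by the fixed/unfixed vulnerability record of
its whole transitive supply chain, not just its own.

All data below is constructed for illustration (hypothetical package names,
hypothetical vulnerability IDs); it is not Lineaje's data.
"""
from collections import deque

# Constructed dependency graph: package -> packages it depends on directly.
# "bignum" depends back on "crypto-lib" on purpose, to exercise cycle handling.
DEPENDENCY_GRAPH = {
    "app": ["web-framework", "crypto-lib"],
    "web-framework": ["template-engine", "http-parser"],
    "template-engine": ["string-utils"],
    "http-parser": ["string-utils"],
    "string-utils": [],
    "crypto-lib": ["bignum"],
    "bignum": ["crypto-lib"],
}

# Constructed vulnerability records: package -> list of (vuln_id, fixed) pairs.
VULNERABILITIES = {
    "web-framework": [("V-1", True)],
    "http-parser": [("V-2", False), ("V-3", False), ("V-4", True)],
    "string-utils": [("V-5", False), ("V-6", False)],
    "crypto-lib": [],
    "bignum": [("V-7", True)],
}


def transitive_closure(graph, root):
    """Return every package reachable from root, including root itself.

    Breadth-first with a visited set, so cycles and diamond dependencies
    (a package reachable via several paths) are each counted once.
    """
    seen = {root}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def count_vulns(packages, vulns):
    """Return (fixed, unfixed) totals over the given set of packages."""
    fixed = unfixed = 0
    for pkg in packages:
        for _, is_fixed in vulns.get(pkg, []):
            if is_fixed:
                fixed += 1
            else:
                unfixed += 1
    return fixed, unfixed


def supply_chain_report(graph, vulns, root):
    """For each direct dependency of root, compare its own unfixed count with
    the fixed/unfixed totals across its entire transitive closure."""
    report = {}
    for direct in graph.get(root, []):
        _, own_unfixed = count_vulns({direct}, vulns)
        closure = transitive_closure(graph, direct)
        total_fixed, total_unfixed = count_vulns(closure, vulns)
        total = total_fixed + total_unfixed
        report[direct] = {
            "own_unfixed": own_unfixed,
            "transitive_components": len(closure) - 1,
            "fixed": total_fixed,
            "unfixed": total_unfixed,
            "unfixed_ratio": round(total_unfixed / total, 2) if total else 0.0,
        }
    return report


if __name__ == "__main__":
    for name, row in supply_chain_report(DEPENDENCY_GRAPH, VULNERABILITIES, "app").items():
        print(f"{name:14s} own unfixed={row['own_unfixed']}  "
              f"transitive: {row['transitive_components']} components, "
              f"{row['fixed']} fixed / {row['unfixed']} unfixed "
              f"(unfixed ratio {row['unfixed_ratio']})")
```

In the constructed data, "web-framework" looks clean on its own (one vulnerability, fixed) but pulls in four unfixed vulnerabilities through "http-parser" and "string-utils", while "crypto-lib" has no record of its own and a clean supply chain. The visited set matters for real graphs: "string-utils" is reachable via two paths and must be counted once, and the "crypto-lib"/"bignum" cycle must not loop forever.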