The Synopsys Cybersecurity Research Center (CyRC)’s annual Open Source Security and Risk Analysis (OSSRA) report this year provides an in-depth snapshot of the current state of open source security, compliance, licensing, and code quality risk in commercial software.

In this 6^th edition of the report, the CyRC teams examined anonymized audit findings from over 1,500 commercial codebases in 17 industries.

You need look no further than the pages of this report to see that open source libraries are the foundation for literally every application in every industry. But paralleling the popularity of open source is a growth in risk — specifically around open source licensing, security, code quality, and maintenance.

The 2021 OSSRA also includes recommendations to help open source developers and consumers better understand the software ecosystem they are part of, as well as the risks that come with unmanaged open source development and use.