Critically Vulnerable Open Source Code Found in COTS Apps

Video interview with Michael Sampson

On August 4, Osterman Research released a software supply chain study based on data collected with GrammaTech's CodeSentry software supply chain testing product. The analysis found that 100 percent of the commercial applications that use open source components contain vulnerabilities within those open source components, and that 85 percent of the browser, email, file sharing, online meeting and messaging products tested had at least one critical vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10.0, the highest possible score.

In this video interview, Michael Sampson, Senior Analyst at Osterman Research and author of the report, discusses his findings and offers advice on how to avoid some of the pitfalls of open source.

A complete copy of the report is available here. GrammaTech and Osterman Research will also host a related webinar, Exposing Software Supply Chain Security Blind Spots, on September 15 at 2:00 pm EDT, presenting additional findings from the research. Register here.
