The 2020 Open Source Security and Risk Analysis (OSSRA) report examines audit data from more than 1,250 commercial codebases and reveals trends in how organisations use and manage open source, and where there is room to improve. Our new infographic shows the most important open source trends from the 2020 OSSRA report.

The numbers come from anonymised data on 1,253 commercial codebases across 17 industries, from aerospace to virtual reality, audited in 2019 by the Black Duck Audit Services team.

Codebases & open source

  • 99% of codebases audited in 2019 contained open source components.
  • In 9 of 17 industries, 100% of the codebases contained open source.
  • Open source made up 70% of the code in the audited codebases.

Vulnerabilities

  • 75% of codebases contained open source components with known vulnerabilities.
  • 49% of codebases contained high-risk vulnerabilities.

Licensing

  • 33% of codebases contained open source components with no identifiable license.
  • 67% of codebases contained open source with license conflicts.

Operational factors

  • 82% of codebases had components more than four years out of date.
  • 88% of components had no development activity in the last two years.
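The two operational-factor thresholds above (a component version more than four years out of date, and no upstream development activity in the last two years) are easy to check against your own dependency inventory. The script below is an added example, not part of the OSSRA infographic or of Black Duck's tooling. It assumes a hypothetical inventory in which each component records the release date of the version in use and the date of the project's last commit; the age of the pinned version relative to the audit date is used as a proxy for "out of date". All component names and dates are constructed for the example.

```python
"""Flag stale open source components against the OSSRA operational-factor thresholds.

Added example, not part of the OSSRA report or of Black Duck's audit tooling.
Assumes a hypothetical inventory: each component records the release date of the
version in use (proxy for how far out of date it is) and the project's last commit
date (proxy for development activity).
"""
from dataclasses import dataclass
from datetime import date

OUT_OF_DATE_YEARS = 4   # "more than four years out of date"
INACTIVE_YEARS = 2      # "no development activity in the last two years"


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    version_released: date  # release date of the version pinned in the codebase
    last_commit: date       # most recent upstream development activity


def years_between(earlier: date, later: date) -> float:
    """Elapsed time in years, using the mean Gregorian year length."""
    return (later - earlier).days / 365.25


def is_out_of_date(c: Component, audit_date: date) -> bool:
    return years_between(c.version_released, audit_date) > OUT_OF_DATE_YEARS


def is_inactive(c: Component, audit_date: date) -> bool:
    return years_between(c.last_commit, audit_date) > INACTIVE_YEARS


def flag_components(components, audit_date):
    """Return {component name: [reasons]} for every component that trips a threshold."""
    findings = {}
    for c in components:
        reasons = []
        if is_out_of_date(c, audit_date):
            reasons.append(f"version more than {OUT_OF_DATE_YEARS} years old")
        if is_inactive(c, audit_date):
            reasons.append(f"no upstream activity in {INACTIVE_YEARS} years")
        if reasons:
            findings[c.name] = reasons
    return findings


def codebase_stats(codebases, audit_date):
    """Percentage of codebases with at least one out-of-date / inactive component,
    the same per-codebase framing the infographic uses."""
    n = len(codebases)
    outdated = sum(1 for comps in codebases.values()
                   if any(is_out_of_date(c, audit_date) for c in comps))
    inactive = sum(1 for comps in codebases.values()
                   if any(is_inactive(c, audit_date) for c in comps))
    return {"out_of_date_pct": round(100 * outdated / n),
            "inactive_pct": round(100 * inactive / n)}


# Audit cut-off matching the report's 2019 audit year.
AUDIT_DATE = date(2019, 12, 31)

# Constructed sample inventory (hypothetical component names and dates, not real audit data).
SAMPLE_CODEBASES = {
    "billing-service": [
        Component("parser-kit", "1.2.0", date(2019, 3, 1), date(2019, 11, 5)),      # fresh, active
    ],
    "customer-portal": [
        Component("legacy-orm", "0.9.4", date(2014, 6, 10), date(2017, 8, 2)),      # old AND abandoned
        Component("json-lite", "2.0.1", date(2018, 1, 15), date(2019, 12, 20)),     # fine
    ],
    "batch-importer": [
        Component("xml-shim", "3.1.0", date(2012, 2, 20), date(2019, 10, 1)),       # old pin, live project
    ],
    "notify-worker": [
        Component("mail-glue", "1.0.0", date(2017, 2, 1), date(2017, 3, 15)),       # recent-ish pin, dead project
    ],
}

if __name__ == "__main__":
    for name, comps in SAMPLE_CODEBASES.items():
        for comp, reasons in flag_components(comps, AUDIT_DATE).items():
            print(f"{name}: {comp}: {'; '.join(reasons)}")
    print(codebase_stats(SAMPLE_CODEBASES, AUDIT_DATE))
```

The per-codebase percentages are computed the way the infographic counts them: a codebase is counted once if any of its components trips a threshold, regardless of how many do. Note that "out of date" in an audit is measured against the newest available release, not the audit date; if your inventory carries the latest-release date per component, compare against that instead of `audit_date` in `is_out_of_date`.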