The 2022 State of Open Source Security Report

In collaboration with the Linux Foundation

Open source software (OSS) is at the core of the software applications we depend on today. With nearly all applications relying on dependent components, supply chain security’s growing complexity puts a greater focus on OSS than ever before.

In May 2022, Snyk partnered with the Linux Foundation to release the State of Open Source Security Report, which combines Linux Foundation research with survey data from over 550 Snyk Open Source (SCA) customer organizations.


This report sheds light on the current security posture of open source software and reflects on key concerns and trends including:

  • Over four out of every ten (41%) organizations do not have high confidence in their open source software security, and only 49% of organizations state that they have a security policy for OSS development.

  • The average application development project has 49 vulnerabilities and 80 direct dependencies (open source code called directly by the project).

  • The time it takes to fix vulnerabilities in open source projects has steadily increased, more than doubling from 49 days in 2018 to 110 days in 2021.
