2023 State of Open Source Security Report

Open source software (OSS) dominates the technology landscape, yet security measures and tooling in the software supply chain are lagging behind the pace of development. While progress has been made, there is much room for improvement, including making supply chain security a core foundation of the software development lifecycle process.

In May 2023 Snyk analyzed survey responses from over 500 organizations and anonymized data collected from Snyk product usage to release the State of Open Source Security Report.


This report sheds light on the current security posture of open source software and reflects on key concerns and trends including:

  • 40% of respondents still don’t use key supply chain security technologies like SCA or SAST – despite cyber attacks hitting record highs with an increasing focus on open source code
  • 96% of organizations are addressing supply chain security problems on an ad hoc basis – yet only half have a formalized supply chain security strategy in place
  • 62% of respondents said that at least one out of every four vulnerability alerts they received from automation tools was a false positive, and 35% said false positives represented over half of vulnerability alerts
