Critically Vulnerable Open Source Code Found in COTS Apps

August 24, 2021

Video interview with Michael Sampson


On August 4, Osterman Research released a software supply chain study based on data collected by GrammaTech's CodeSentry software supply chain testing product. Analysis of that data found that 100 percent of the commercial applications that use open source components contain vulnerabilities within those components, and that 85% of the browser, email, file sharing, online meeting and messaging products tested had at least one critical vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10.0, the highest possible.

In this video interview, Michael Sampson, Senior Analyst at Osterman Research and author of the report, discusses his findings and offers advice on how to avoid some of the pitfalls of open source.

A complete copy of the report is available here. GrammaTech and Osterman Research will also host a related webinar, "Exposing Software Supply Chain Security Blind Spots", on September 15 at 2:00 pm EDT that reveals more of the research findings. Register here.
