Synopsys: 2022 Open Source Security and Risk Analysis (OSSRA) Report (English edition, 24 pages), PDF shared by a member of 三个皮匠报告.
2022 OPEN SOURCE SECURITY AND RISK ANALYSIS REPORT | 2022 Synopsys, Inc.

TABLE OF CONTENTS

Introduction ........................................................................ 3
    About the 2022 Open Source Security and Risk Analysis Report and the CyRC ..... 4
    Overview ....................................................................... 5
    2022 in review ................................................................. 6
    Terminology .................................................................... 7
    Industries in the OSSRA ........................................................ 8
Vulnerabilities and Security ....................................................... 9
    Open source vulnerabilities and security ...................................... 10
    2021: The Year of Open Source ................................................. 11
    Vulnerabilities in Industries ................................................. 12
    The Executive Order and Supply Chain Security ................................. 13
    The top 10 vulnerabilities .................................................... 14
Licensing ......................................................................... 15
    Open source licensing ......................................................... 16
    Understanding license risk .................................................... 17
Open Source Maintenance ........................................................... 18
    Maintenance by Open Source Developers ......................................... 19
    Is Your Organization Supporting Open Source? .................................. 19
    Maintenance by Open Source Consumers .......................................... 20
Conclusion ........................................................................ 21
    A Prescription for the "Witches Brew" of Open Source .......................... 22
    Are We Vulnerable? Are Our Customers Vulnerable? Will We Be Held Accountable? . 22
    Open Source: A Charm of Powerful Trouble ...................................... 22
    A Software Bill of Materials .................................................. 22

INTRODUCTION

ABOUT THE 2022 OPEN SOURCE SECURITY AND RISK ANALYSIS REPORT AND THE CYRC

Welcome to the 2022 Open Source Security and Risk Analysis (OSSRA) report. The 7th edition of OSSRA delivers our annual in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software. Synopsys shares these findings to help security, legal, risk, and development teams better understand the security and license risk landscape.

The data in this report is possible thanks to the Synopsys Cybersecurity Research Center (CyRC), whose mission is the publication of security advisories and research that help organizations better develop and consume secure, high-qua