1、State of Open SourceSecurity Report2020 Table of contentsThe open source universe 9Ecosystem growth 10The security implications of open source development 12Addressing infrastructure and container security risk 31 Security in Linux distributions 32Guest commentary:Red Hat 33Docker images 34Kubernete

2、s security 36Helm security 38Detailed open sourcevulnerability analysis 14High-level vulnerability trends 15Spotlight:Whats old is new again 19Vulnerability impacts in 2019 20Spotlight:Snyk discovers prototype pollution in Lodash 24Ecosystem vulnerability analysis 25Security and vulnerability manage

3、ment practices 39 Security as a culture 40Guest analysis:CircleCI 42Spotlight:Creating a culture of shared security responsibility at Segment 44Evaluating package health 45Container image health 46Security practices 47Vulnerability remediation 50Maintainer security performance 531234Introduction 3Ke

4、y takeaways and trends 4About out survey 5Report conclusions&recommendations 55All rights reserved.2020 Snyk3IntroductionThe use of open source software has become almost ubiquitous in the software development community.Development ecosystems have grown in their dependence on third-party libraries a

5、nd packages to streamline development.Awareness of how the increased prevalence of open source software impacts the security posture of enterprise organizations appears to be growing as well.For their part,the open source community is responding.In November of 2019,GitHub(acquired in 2018 by Microso

6、ft)announced the launch of the GitHub Security Lab with free access to its CodeQL code review tool and the opening of its Advisory database to public access.However,the question remainsis this increased awareness translating into improved security and practices related to the use of open source soft