osterman-top3

osterman-banner

Uncovering the Presence of Vulnerable Open-Source Components in Commercial Software

Osterman Research Report

The recent cybersecurity presidential executive order put a spotlight on software supply chain security. The findings in this research report present a serious weakness in the software supply chain of many widely used commercial off-the-shelf software applications. Results found that all applications in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components that put enterprise organizations at risk of cyberattacks.

osterman

Exhibit: Vulnerability Severity per Category; Component with the highest CVSS score in a product

Report Highlights

  • Applications in the meeting and email client categories are the most vulnerable
  • 100% of all analyzed applications contain vulnerable open-source components
  • Critical vulnerabilities (CVSS 10.0) are found in 85% of these applications
  • These widely used applications present serious cybersecurity risk to organizations

 

GrammaTech used its CodeSentry software supply chain security platform to analyze widely used software applications for the presence of open-source components and vulnerabilities. Osterman Research studied the output of the analysis to generate this report.

Download White Paper

About Us

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions. GrammaTech helps organizations develop and release high quality software, free of harmful defects that cause system failures, enable data breaches, and increase corporate liabilities in today's connected world.

Learn More [fa icon="long-arrow-right"]

More Links

Contact Us

[fa icon="phone"] General: +1-607-273-7340

[fa icon="phone"]  Sales: +1-301-941-4532

[fa icon="envelope"]  sales@grammatech.com

[fa icon="linkedin-square"] [fa icon="twitter-square"]
Copyright 2023, GrammaTech, Inc. All rights reserved. | CodeSonar and CodeSurfer are registered trademarks of GrammaTech, Inc.
[fa icon="chevron-up"]