We recently published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. This analysis, which examined 351,000 external libraries in 85,000 applications, found that open source libraries are, as expected, ubiquitous in applications, and that they do in fact contain risky code. But it also unearthed some good news about ways to keep track of and alleviate that risk. Below we highlight the top 50 open source libraries by language. Get all the data and details in the full State of Software Security: Open Source Edition report.
Each circle represents an open source library; its horizontal position corresponds to the percentage of scanned applications that include it. Each circle is colored by whether the library contains any detectable security flaws and, if so, by the highest severity among them. Hovering over a point shows the library's name and details.