Lineaje Weekly Chart

Insights into your Software Supply Chain

Our Lineaje Chart of the Week series offers a weekly insight into “What’s in your software?” It strives to raise awareness about the risks and returns that your software supply chain brings with it.

Dec 2023 : Volume 1

A Positive Revelation with Open Source Software!

Recent findings from a Lineaje Labs study reveal that a significant 89% of components in open source projects are free from vulnerabilities! This discovery challenges the misconception that open source inherently compromises software security.

Nov 2023 : Volume 2

90% of software components in Open-Source are transitive, invisible dependencies

The recent finding that 90% of software components in open-source software reside in transitive, invisible dependencies carries significant security implications for the software development community.

Nov 2023 : Volume 1

Every Open-Source dependency is a software supply chain by itself!

Brace yourselves for a game-changing revelation! Recent research has shed light on a pivotal security insight: a staggering 68% of code in Open Source Software (OSS) packages is contributed by providers and suppliers other than the package owner!

This finding carries profound security implications, underlining the intricate web of dependencies within OSS projects. It reinforces the critical need for a robust Software Supply Chain Security Management Service. Understanding and addressing these implications is paramount.

Oct 2023 : Volume 4

Unearthing the Hidden Risks: Critical Inherent Risk Scores in Open-Source Components

In today's rapidly evolving tech landscape, open-source software has become the backbone of countless applications and systems. However, a recent study by Lineaje AI Labs has shed light on a concerning statistic - a staggering 40% of open-source software components have a Critical inherent risk score.

Oct 2023 : Volume 3

Packages are reused 2.7 times on average within the same Open-Source Project

Within open-source software, a fascinating trend has emerged: packages are reused an average of 2.7 times within the same open-source project. This phenomenon carries significant implications for security, software supply chain security, and maintenance practices within the open-source ecosystem.

Oct 2023 : Volume 2

Fixed vs Unfixed Vulnerabilities Distribution in Open-Source Software

Based on Lineaje AI Labs research, the majority of vulnerabilities in open-source are not fixed by open source developers. Lineaje AI Labs analyzed 121,443 open-source projects and discovered 118,573 vulnerabilities in them. The saving grace is that vulnerabilities are not evenly distributed across dependencies.

Oct 2023 : Volume 1

Vulnerabilities by Dependency Level in Open-Source Projects

Based on Lineaje Labs research, a staggering 77% of vulnerabilities in open-source reside within transitive dependencies (which your developers cannot patch). Open source projects pull in 20+ levels of dependencies. Along with those dependencies come their vulnerabilities. Lineaje AI Labs analyzed 121,443 open source projects and discovered 118,573 vulnerabilities in them.

Sept 2023 : Volume 1

What’s in your open-source software?

Lineaje research indicates that 8.3% of Open Source Software is of unknown origin.

  • 3% of components embedded in open source software as dependencies don’t come from where the open source developers claimed to have gotten them. So you don’t know where they came from, and neither do the developers that included them!
  • 5.3% of all components come from the PURL (Package URL) where they were included. However, the version included does not match the version published by the developing product. They have been tampered with, and the tampered source code from which they were built is not available to you.