Open source software security was analyzed in a recent report by Synopsys. According to the report, nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities.
Source: Security Magazine