C004 — H1:

Statement: Sonatype's State of the Software Supply Chain report states that 95% of vulnerable open source components consumed by downstream projects have a known fix available, and this figure is accurately reported.

Supporting Evidence Would Show

  • The Sonatype 2024 report containing this specific figure
  • Press coverage or summaries citing this 95% statistic from Sonatype
  • Sonatype's methodology description explaining how they measured fix availability

Eliminating Evidence Would Show

  • The Sonatype report containing a substantially different figure
  • Evidence that this statistic comes from a different year or different Sonatype publication
  • The report using different framing that changes the meaning (e.g., 95% of vulnerabilities vs. 95% of components)