# SRC003 — https://www.blackduck.com/blog/open-source-trends-ossra-report.html
## Metadata
| Field | Value |
|---|---|
| URL | https://www.blackduck.com/blog/open-source-trends-ossra-report.html |
| Authors | Black Duck (formerly Synopsys) |
| Date | February 25, 2026 |
## Content Summary
The Black Duck 2026 OSSRA report blog post states that 87% of all audited codebases contained at least one vulnerability, that the mean number of vulnerabilities per codebase rose 107% to 581, that 78% contained high-risk vulnerabilities, and that 93% contained components with no development activity in the past two years. These findings are based on analysis of 947 commercial codebases across 17 industries.
## Reliability: High
Primary source from the report publisher; the OSSRA report is an established annual industry publication now in its 10th+ year.
## Relevance: High
Contains the exact figures cited in claim C003: 87%, 581 vulnerabilities, 107% increase.
## Bias Assessment
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Some concerns | The blog summary lacks full methodological detail; the full PDF report would provide more. |
| Measurement | Low risk | Uses automated Black Duck SCA scanning of the codebases, a consistent and objective measurement method. |
| Selective Reporting | Some concerns | Industry vendor report that emphasizes alarming findings to drive product demand. |
| Randomization | N/A | Not an RCT. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict Of Interest | High risk | Black Duck sells SCA tools; alarming vulnerability statistics directly support their product marketing. |