
C003 — H1:


Statement: The Synopsys/Black Duck OSSRA report (likely 2025 or 2026 edition) states that 87% of audited codebases contain at least one known open source vulnerability, with an average of 581 vulnerabilities per codebase and a 107% year-over-year increase in average vulnerability count.

Supporting Evidence Would Show

  • Direct access to the OSSRA report confirming these exact figures.
  • Press releases, blog posts, or media coverage quoting these specific statistics from the OSSRA report.
  • Third-party analyses citing these OSSRA figures.

Eliminating Evidence Would Show

  • The OSSRA report itself reporting different figures.
  • Evidence that these figures come from a different year's OSSRA report than claimed, or have been conflated from multiple reports.
  • Retraction or correction of these figures by Synopsys/Black Duck.
